[148646] in cryptography@c2.net mail archive
Re: [Cryptography] Passwords are dying - get over it
daemon@ATHENA.MIT.EDU (Lars Luthman)
Mon Dec 23 18:18:49 2013
X-Original-To: cryptography@metzdowd.com
From: Lars Luthman <mail@larsluthman.net>
To: cryptography@metzdowd.com
Date: Mon, 23 Dec 2013 19:10:26 +0100
In-Reply-To: <CAOLP8p6y2iYCcUOQY21kCWcuFo-M4GZD=QiDea_4BbPcSsEyZQ@mail.gmail.com>
On Mon, 2013-12-23 at 10:10 -0500, Bill Cox wrote:
> The bad news: even the 0.1% of us who bother to add key stretching to our
> ssh private keys only get 2048 rounds of AES-256, which won't even slow
> down an ASIC based cracker.  All this does is provide security against
> hackers with graphics cards, and not much security at that.  Frankly, this
> protection is so dismal, I give up.  Whoever is influencing TrueCrypt and
> OpenSSL into hard-coding 2048 worthless rounds of key stretching designed
> to be efficient on ASICs wins.
But how much key stretching do you want? Even with a billion rounds you
don't add more than ~30 bits of work, which is less than what you get by
adding three more words to a Diceware-like passphrase using a dictionary
with 2000 words.
--ll
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography