Quoth Eli Cohen <echol...@gmail.com>: > well... I have a few questions already. I have heard that thorough > scrutiny of dp9ik would be appreciated as Ori said, and hasn't really > been done yet.
I'm not sure that's an entirely accurate characterization of what I said. The protocol is still following p9sk1, but with an initial secret derived using a well understood password authenticated key exchange protocol (SPAKE2), and a complete replacement of DES with a modern AEAD cipher (chacha20-poly1305). More scrutiny is *always* welcome, but the algorithm used is well scrutinized outside of plan9, and put together in fairly well understood ways. As far as what exists in p9sk1: It's effectively broken. It was possible to decrypt 56 bit keys on $250,000 hardware in less than a day, back in 1998. Over 20 years ago. By 2006, the cost dropped to $10,000 or so. Today, there are commercial services like crack.sh, which claim 25 seconds for typical unsalted password (that's us!), going up to 3.5 days for a full brute force run. With GPUs, it'll probably within reach of a bored teenager soon, if it isn't already. ------------------------------------------ 9fans: 9fans Permalink: https://9fans.topicbox.com/groups/9fans/Tc82939f1fda0e479-M9abccf1c9c1e189f3b8fbcd8 Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
