On Thu, 2016-12-22 at 11:22 +0100, Arne Babenhauserheide wrote:
> > > Is it somehow possible to decrypt parts of the store at random
> > > in the hope of hitting a random uploaded private key
> > > (a variant of the birthday attack against the password which would
> > > avoid having to query the network for each check)?
> >
> > Of course it is. Your scheme is completely broken; at the very least
> > the "passphrase" should be salted, hashed and iterated... and yes, that
> > means getting the user to remember the salt too.
>
> The passphrase must be as strong as would be needed for passphrase
> plus salt.
>
> For hashing and iterating: Is that of practical utility when I’m
> sticking the password into a KSK in the end? Isn’t the cost of
> attacking the KSK much higher than the cost of hashing and iterating?
>
> (this is my core question here: what’s the cost of attacking a
> randomly generated KSK?)

The answer is in src/freenet/keys/ClientKSK.java

It's designed to be fast, not secure... so unless you iterate it, I think that it is madness.

Florent
_______________________________________________
Devl mailing list
Devl@freenetproject.org
https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
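
The salting and iterating discussed in this thread, as an added example that is not part of the original messages and is not Freenet code: the passphrase is stretched with a salted, iterated KDF, and only the result is used as the KSK keyword. PBKDF2-HMAC-SHA256, the iteration count, the base32 encoding and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import unicodedata

# Assumed work factor for this sketch; pick what the slowest client can afford.
ITERATIONS = 600_000
MIN_SALT_BYTES = 8


def stretched_keyword(passphrase: str, salt: bytes, iterations: int = ITERATIONS) -> str:
    """Derive the string to use as the KSK keyword from passphrase + salt.

    The salt is not secret, but the user must be able to supply it again,
    which is the usability cost mentioned in the thread.
    """
    if len(salt) < MIN_SALT_BYTES:
        raise ValueError("salt too short to separate users' keyspaces")
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    # Normalise so the same passphrase typed on different systems
    # (composed vs. decomposed accents) yields the same key.
    pw = unicodedata.normalize("NFKC", passphrase).encode("utf-8")
    raw = hashlib.pbkdf2_hmac("sha256", pw, salt, iterations, dklen=32)
    return base64.b32encode(raw).decode("ascii").rstrip("=").lower()


def ksk_uri(passphrase: str, salt: bytes, iterations: int = ITERATIONS) -> str:
    """KSK URI whose keyword is the stretched value, never the raw passphrase."""
    return "KSK@" + stretched_keyword(passphrase, salt, iterations)


def expected_guess_cost(entropy_bits: float, iterations: int) -> float:
    """Expected PRF calls for an offline search: half the space times cost per guess.

    With a fast, un-iterated derivation, iterations is effectively 1.
    """
    return 2 ** (entropy_bits - 1) * iterations


if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample value
    print(ksk_uri("correct horse battery staple", salt, iterations=10_000))
    for n in (1, ITERATIONS):
        print(n, "iterations ->", f"{expected_guess_cost(40, n):.3e}", "PRF calls")
```

Iteration multiplies the attacker's cost per guess by a constant; it does not replace passphrase entropy, which is why the quoted requirement on passphrase strength still applies.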