On 04/21/13 23:57, Ted Unangst wrote:
On Sun, Apr 21, 2013 at 19:00, and...@msu.edu wrote:
The example in vnconfig shows 20,000.  I picked 30K.
This is a 2.8G core2 duo machine, encrypting mail and
other stuff.

I haven't found sources on the net that have explained
what low security is, up to total paranoia with regards
# of rounds.

Ideas? URLs for good places to read?

As many as don't annoy you. 100k will be about half a second on a CPU.
The problem is the bad guys aren't going to be using CPUs.

A single computer with a few high end graphics cards can do
somewhere in the neighborhood of 3 billion hashes in one second. 1000
rounds (the bare minimum for pbkdf2) turns that into 3 million/s. 100k
turns it into 30k/s.

The work factor and time required scale linearly for both you and the
attacker, the attacker just has somewhere ranging from 15000 to many
more times more computing resources at his disposal. It's hard to
directly equate time you spend waiting with time it will cost some
unknown attacker.

Your best bet is a longer password. Nothing will save you if your
password is a word from a dictionary, or some 3lit3 spelling thereof.

An interesting read:
http://www.tarsnap.com/scrypt/scrypt.pdf

There is a table at the top of page 14 that compares hypothetical
hardware cracking costs. If you suspect somebody with a million
dollars, access to chip fabrication facilities, and a year to wait
will be interested in reading your email, you should use at least 100k
rounds and a ten character random password.


Thank you, Ted.  Well said and confirmed some thoughts I'd
had.  Something like this ought to go into the FAQ, perhaps
Thanks again!

--STeve Andre'
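
The arithmetic in the reply above, worked through as an added example (not code from either poster or from OpenBSD). It uses the thread's simplified model in which one round costs the attacker one hash at 3 billion hashes per second; the HMAC-SHA1 choice, the 62-character alphabet, the 100,000-word dictionary size and all function names are assumptions made for illustration.

```python
import hashlib
import time

GPU_RAW_HASHES_PER_SEC = 3e9      # figure quoted in the thread for a multi-GPU box
SECONDS_PER_YEAR = 365 * 24 * 3600

def attacker_guesses_per_sec(rounds, raw_rate=GPU_RAW_HASHES_PER_SEC):
    """Password guesses per second when every guess costs `rounds` hashes."""
    return raw_rate / rounds

def keyspace(alphabet_size, length):
    """Number of candidate passwords of a fixed length over an alphabet."""
    return alphabet_size ** length

def years_to_search(candidates, rounds, fraction=0.5):
    """Expected years to find the password after trying `fraction` of the space."""
    seconds = candidates * fraction / attacker_guesses_per_sec(rounds)
    return seconds / SECONDS_PER_YEAR

def local_unlock_seconds(rounds, password=b"constructed-sample", salt=b"\x00" * 16):
    """Wall-clock cost of one PBKDF2 derivation here (what the user waits for)."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha1", password, salt, rounds, dklen=32)  # assumed PRF
    return time.perf_counter() - start

if __name__ == "__main__":
    # Constructed password classes; sizes are assumptions, not measurements.
    classes = {
        "dictionary word (100k words)": 100_000,
        "8 random lowercase letters": keyspace(26, 8),
        "10 random chars [A-Za-z0-9]": keyspace(62, 10),
    }
    for rounds in (1_000, 30_000, 100_000):
        print(f"rounds={rounds}: you wait {local_unlock_seconds(rounds):.3f}s, "
              f"attacker tries {attacker_guesses_per_sec(rounds):,.0f} guesses/s")
        for label, size in classes.items():
            print(f"    {label:30s} {years_to_search(size, rounds):.3g} years")
```

Raising the round count moves every row by the same constant factor, while adding password length multiplies the search space by the alphabet size per character.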
