On Sat, Sep 24, 2005 at 04:24:01PM -0700, Stefan Karpinski wrote:

> Ouch. 32 is not a lot of key material for critical purposes,
> especially since each letter of a typical password contains far less
> than a byte of entropy. What was the motivation for switching from
> crypto++ to Botan? Of course, my purposes are hardly critical, so I
> think I'll just use a shorter key. Thanks for the prompt reply.
I think it was an arbitrary (or perhaps accidental) limit in Botan's implementation, since usually a key is generated from hashing data first. A better solution is probably to feed the passphrase into PBKDF2 (basically lots of hashing to make it more resilient against bruteforcing), and then use those 20 bytes as the key for something standard like PKCS #8. That'll require "migrating" keys (and knowing passphrases) - perhaps that would be worth doing alongside the work of moving private keys outside the database.

The rationale for Botan is that it is a lot nicer to compile and keep compiling with new versions of g++, the code is a lot more readable, and good docs exist.

Matt

_______________________________________________
Monotone-devel mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/monotone-devel
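The passphrase-stretching step Matt proposes, as an added illustration that is not code from the thread or from monotone/Botan: PBKDF2-HMAC-SHA1 turns a passphrase of any length into 20 key bytes, whereas a raw passphrase cut at a 32-byte cap silently collapses distinct passphrases that share their first 32 bytes. The salt, iteration count and passphrases are constructed for the demo.

```python
import hashlib
import hmac
import os

# Demo parameters (assumptions, not values from the thread). A real salt is
# random per key and stored next to the encrypted private key.
ITERATIONS = 4096
KEY_LEN = 20          # PBKDF2-HMAC-SHA1 output size, the "20 bytes" in the thread
BOTAN_LIMIT = 32      # passphrase-length cap being discussed


def derive_key(passphrase: str, salt: bytes,
               iterations: int = ITERATIONS, dklen: int = KEY_LEN) -> bytes:
    """Stretch a passphrase into a fixed-length key with PBKDF2-HMAC-SHA1.

    Every byte of the passphrase influences the result, and each guess
    costs the attacker `iterations` HMAC evaluations.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               salt, iterations, dklen)


def truncated_key(passphrase: str, limit: int = BOTAN_LIMIT) -> bytes:
    """The naive alternative: raw passphrase bytes, cut at the cap.

    Anything past `limit` bytes is discarded, so passphrases that agree on
    their first `limit` bytes yield the same key.
    """
    return passphrase.encode("utf-8")[:limit]


def keys_equal(a: bytes, b: bytes) -> bool:
    """Constant-time comparison, so key checks do not leak via timing."""
    return hmac.compare_digest(a, b)


def new_salt(length: int = 16) -> bytes:
    return os.urandom(length)


if __name__ == "__main__":
    salt = new_salt()
    # Constructed passphrases: identical for the first 32 bytes, then different.
    pass_a = "correct horse battery staple with a long tail number one"
    pass_b = "correct horse battery staple with a long tail number two"
    print("truncated keys collide:", keys_equal(truncated_key(pass_a), truncated_key(pass_b)))
    print("PBKDF2 keys collide:   ", keys_equal(derive_key(pass_a, salt), derive_key(pass_b, salt)))
    print("derived key length:    ", len(derive_key(pass_a, salt)))
```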
