Re: [OT] passphrases Was: Re: Allowing paste into pinentry-gtk-2?

2011-04-19 Thread Ben McGinnes
On 19/04/11 1:15 PM, Robert J. Hansen wrote:
> 
> Megacorporations will probably not be willing to drop that kind of
> coin on dedicated key crackers, but if bin Laden's current GPS
> coordinates were protected by RC5/64 you'd see Fort Meade's chip fab
> line working round-the-clock shifts.

Actually we wouldn't see it, but it would happen anyway, and after the
missile strike a report about on-the-ground intelligence and/or
special forces would be appended to the story to explain it away.  ;)


Regards,
Ben



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: [OT] passphrases Was: Re: Allowing paste into pinentry-gtk-2?

2011-04-19 Thread Robert J. Hansen
> There's still a big difference between trying to brute-force a
> cryptographically-strong 64-bit key, and applying dictionary attacks
> against an English-based passphrase.

If there exists a difference, I'm unaware of it.

> If I recall correctly,
> none of the attacks you mentioned attacked the passphrase protecting a
> secret key (which is what we're talking about); rather, they were
> attempts to recover plaintext in the *absence* of the secret key by
> trying all possible decryption keys within the keyspace.

And that's exactly what we want to do when we break a passphrase: recover the 
plaintext of the (encrypted) private-key material by trying all possible 
decryption keys within the keyspace of the symmetric key which encrypts it.  
The passphrase generates the session key.

> In short, I believe the context is different, and that passphrase
> attacks against the secret key are vulnerable in a way that attacks on
> ciphertext are not.

I emphatically disagree.




Re: [OT] passphrases Was: Re: Allowing paste into pinentry-gtk-2?

2011-04-19 Thread Todd A. Jacobs
On Mon, Apr 18, 2011 at 3:56 PM, Robert J. Hansen wrote:
> To give you an example, RC5-64 was a giant distributed network of computers 
> run by hobbyists using spare CPU cycles, trying to brute-force a 64-bit key.

There's still a big difference between trying to brute-force a
cryptographically-strong 64-bit key, and applying dictionary attacks
against an English-based passphrase. If I recall correctly,
none of the attacks you mentioned attacked the passphrase protecting a
secret key (which is what we're talking about); rather, they were
attempts to recover plaintext in the *absence* of the secret key by
trying all possible decryption keys within the keyspace.

In short, I believe the context is different, and that passphrase
attacks against the secret key are vulnerable in a way that attacks on
ciphertext are not.



Re: [OT] passphrases Was: Re: Allowing paste into pinentry-gtk-2?

2011-04-18 Thread Robert J. Hansen
> I think a lot of this password philosophy is nonsense for most people. The 
> only things that are likely to be brute-forced are Edge devices with some 
> sort of tactical purpose. Average Joe user is more at risk from phishing or 
> another social engineering tactic.

Tactical communications are at essentially zero risk for brute-forcing or 
cryptanalysis unless the key is ridiculously small or the cipher ridiculously 
simple.  By their very nature, tactical communications involve very short 
periods of time: "attack the beach at dawn" is a message that only needs to be 
secure until dawn.  By the time you break the crypto the traffic is no longer 
of value to you.

Strategic communications are at huge risk for brute-forcing.  "If you agree to 
sell us oil at $4 below market rate for the next 30 years, we will look the 
other way as you annex Berzerkistan" is the kind of communication that needs to 
be kept secret for decades.  That means all different kinds of cryptanalysis 
and brute force become feasible.




Re: [OT] passphrases Was: Re: Allowing paste into pinentry-gtk-2?

2011-04-18 Thread lists
I think a lot of this password philosophy is nonsense for most people. The only 
things that are likely to be brute-forced are Edge devices with some sort of 
tactical purpose. Average Joe user is more at risk from phishing or another 
social engineering tactic.

I'm a big fan of ridiculously large passwords that are completely 
unintelligible that include all sorts of !)/GJhj32;':" characters for static 
non-user based accounts. Now that password has to be stored though, which then 
gets into how should the password itself be secured...

-Devin
Sent on the Sprint® Now Network from my BlackBerry®

-Original Message-
From: David Shaw 
Sender: gnupg-users-boun...@gnupg.org
Date: Mon, 18 Apr 2011 22:21:49 
To: Robert J. Hansen
Cc: GnuPG Users
Subject: Re: [OT] passphrases Was: Re: Allowing paste into pinentry-gtk-2?

On Apr 18, 2011, at 6:56 PM, Robert J. Hansen wrote:

>> Yes, well, that would mean that a 32-character English passphrase will
>> average about 64 bits of randomness. Is that really enough to protect
>> a key from an offline brute force attack? I think not, but am open to
>> being persuaded. :)
> 
> As I've said a few times now, no question about "is X really sufficient to 
> protect a passphrase from being broken?" can be answered without a lot of 
> context.  Who are you worried about breaking it?  How hard will they try?
> 
> To give you an example, RC5-64 was a giant distributed network of computers 
> run by hobbyists using spare CPU cycles, trying to brute-force a 64-bit key.  
> Their volunteer network was much larger than anyone outside of 
> megacorporations or First World intelligence agencies or major crime 
> syndicates have.
> 
> It took them eighteen months.

Actually around 58 months: just under 5 years.

> 64-bit crypto isn't good for long-term storage, but if you want to foil 
> someone who doesn't have megacorporation-level resources for a period of 
> months or years, it'll do just fine.  Against First World intelligence 
> agencies it might take a few seconds.

Are you asserting that there exists a group that can brute-force a 64-bit key 
in a few seconds?

David




Re: [OT] passphrases Was: Re: Allowing paste into pinentry-gtk-2?

2011-04-18 Thread Robert J. Hansen
> Are you asserting that there exists a group that can brute-force a 64-bit key 
> in a few seconds?

First, thanks for the correction on the RC5-64 project.

Short answer: no, I am not asserting a group exists that can brute-force a 
64-bit key in a few seconds.  I am asserting that it's plausible such a group 
might exist, and if so it is probably a First World intelligence agency.

The EFF's DES cracker ("Deep Crack"), built in 1998 using now 13-year-old 
technology, exhausts a 56-bit keyspace in nine days at a cost of $250,000.  A 
64-bit keyspace is only a factor of 250 harder, and brute-forcing is 
parallelizable.  Set up 250 Deep Crack-style machines in parallel and you're 
out $60 million, plus building space and personnel... call it $100 million 
total.  Scale this machine up to $1 billion and you're looking at some pretty 
quick keyspace exhaustion.  

Megacorporations will probably not be willing to drop that kind of coin on 
dedicated key crackers, but if bin Laden's current GPS coordinates were 
protected by RC5/64 you'd see Fort Meade's chip fab line working 
round-the-clock shifts.




Re: [OT] passphrases Was: Re: Allowing paste into pinentry-gtk-2?

2011-04-18 Thread David Shaw
On Apr 18, 2011, at 6:56 PM, Robert J. Hansen wrote:

>> Yes, well, that would mean that a 32-character English passphrase will
>> average about 64 bits of randomness. Is that really enough to protect
>> a key from an offline brute force attack? I think not, but am open to
>> being persuaded. :)
> 
> As I've said a few times now, no question about "is X really sufficient to 
> protect a passphrase from being broken?" can be answered without a lot of 
> context.  Who are you worried about breaking it?  How hard will they try?
> 
> To give you an example, RC5-64 was a giant distributed network of computers 
> run by hobbyists using spare CPU cycles, trying to brute-force a 64-bit key.  
> Their volunteer network was much larger than anyone outside of 
> megacorporations or First World intelligence agencies or major crime 
> syndicates have.
> 
> It took them eighteen months.

Actually around 58 months: just under 5 years.

> 64-bit crypto isn't good for long-term storage, but if you want to foil 
> someone who doesn't have megacorporation-level resources for a period of 
> months or years, it'll do just fine.  Against First World intelligence 
> agencies it might take a few seconds.

Are you asserting that there exists a group that can brute-force a 64-bit key 
in a few seconds?

David




Re: [OT] passphrases Was: Re: Allowing paste into pinentry-gtk-2?

2011-04-18 Thread Robert J. Hansen
> Yes, well, that would mean that a 32-character English passphrase will
> average about 64 bits of randomness. Is that really enough to protect
> a key from an offline brute force attack? I think not, but am open to
> being persuaded. :)

As I've said a few times now, no question about "is X really sufficient to 
protect a passphrase from being broken?" can be answered without a lot of 
context.  Who are you worried about breaking it?  How hard will they try?

To give you an example, RC5-64 was a giant distributed network of computers run 
by hobbyists using spare CPU cycles, trying to brute-force a 64-bit key.  Their 
volunteer network was much larger than anyone outside of megacorporations or 
First World intelligence agencies or major crime syndicates have.

It took them eighteen months.

64-bit crypto isn't good for long-term storage, but if you want to foil someone 
who doesn't have megacorporation-level resources for a period of months or 
years, it'll do just fine.  Against First World intelligence agencies it might 
take a few seconds.





Re: [OT] passphrases Was: Re: Allowing paste into pinentry-gtk-2?

2011-04-18 Thread Todd A. Jacobs
On Sat, Apr 16, 2011 at 8:02 PM, Robert J. Hansen wrote:
> The best numbers I've seen regarding passphrase entropy suggest that plain 
> English text has in the neighborhood of 1.5 to 2.5 bits of entropy per glyph. 
>  Just FYI.  You can find these numbers in Shannon's original works on 
> entropy, among other places.

Yes, well, that would mean that a 32-character English passphrase will
average about 64 bits of randomness. Is that really enough to protect
a key from an offline brute force attack? I think not, but am open to
being persuaded. :)



Re: [OT] passphrases Was: Re: Allowing paste into pinentry-gtk-2?

2011-04-17 Thread Johan Wevers
On 17-04-2011 21:32, Robert J. Hansen wrote:

>> I thought that was the main reason for using a hash of the
>> password/phrase as symmetric key, to utilize the whole keyspace.
> 
> English has about two bits of entropy per glyph, so a ten-character English 
> passphrase will have about twenty bits of entropy regardless of what 
> algorithm you use to hash it.  You can't make an insecure passphrase suddenly 
> 256 bits of entropy strong by using SHA-256.  :)

No, but it would prevent a 100-character passphrase from still failing to
utilize the whole keyspace because all its characters are 7-bit.

-- 
Met vriendelijke groet,

Johan Wevers




Re: [OT] passphrases Was: Re: Allowing paste into pinentry-gtk-2?

2011-04-17 Thread Robert J. Hansen
> I thought that was the main reason for using a hash of the
> password/phrase as symmetric key, to utilize the whole keyspace.

English has about two bits of entropy per glyph, so a ten-character English 
passphrase will have about twenty bits of entropy regardless of what algorithm 
you use to hash it.  You can't make an insecure passphrase suddenly 256 bits of 
entropy strong by using SHA-256.  :)
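As an added illustration (not code from any of the list posts), the Python below puts the figures debated in this thread into one brute-force cost model: Shannon's roughly 2 bits per English glyph (so 32 characters come to about 64 bits), the point above that hashing a passphrase adds no entropy, and the Deep Crack scaling from Robert Hansen's later message (2^56 keys in 9 days for $250,000). Treating one passphrase guess as one key trial, and the default rate of 2.0 bits per glyph, are assumptions of the example.

```python
import math

# Shannon's estimate for English as quoted in the thread: 1.5 to 2.5 bits per
# glyph. The midpoint is an assumption of this example, not a measured value.
ENGLISH_BITS_PER_GLYPH = 2.0

# EFF Deep Crack figures as quoted in the thread (1998 hardware).
DEEP_CRACK_BITS = 56
DEEP_CRACK_DAYS = 9
DEEP_CRACK_COST_USD = 250_000


def passphrase_entropy_bits(length, bits_per_glyph=ENGLISH_BITS_PER_GLYPH):
    """Effective entropy of a natural-English passphrase of `length` glyphs."""
    return length * bits_per_glyph


def effective_keyspace_bits(passphrase_bits, cipher_key_bits):
    """Hashing a passphrase into a cipher key (e.g. SHA-256 -> 256-bit key)
    adds no entropy: the attacker searches the smaller of the two spaces."""
    return min(passphrase_bits, cipher_key_bits)


def glyphs_for_target(target_bits, bits_per_glyph=ENGLISH_BITS_PER_GLYPH):
    """Shortest English passphrase whose estimated entropy reaches target_bits."""
    return math.ceil(target_bits / bits_per_glyph)


def parallel_units_for_budget(budget_usd, unit_cost_usd=DEEP_CRACK_COST_USD):
    """Deep Crack-style machines a hardware budget buys (ignores space/staff)."""
    return budget_usd // unit_cost_usd


def days_to_exhaust(keyspace_bits, units=1,
                    base_bits=DEEP_CRACK_BITS, base_days=DEEP_CRACK_DAYS):
    """Days for `units` machines, each sweeping 2^base_bits keys in base_days,
    to exhaust 2^keyspace_bits. Each extra bit doubles the work; brute force
    parallelizes linearly across machines."""
    return base_days * 2.0 ** (keyspace_bits - base_bits) / units


def days_for_passphrase(length, budget_usd,
                        bits_per_glyph=ENGLISH_BITS_PER_GLYPH, cipher_key_bits=256):
    """Worst-case days to exhaust an English passphrase of `length` glyphs with
    `budget_usd` of Deep Crack-style hardware. Assumes one guess costs the same
    as one key trial (real string-to-key hashing makes guesses slower)."""
    bits = effective_keyspace_bits(
        passphrase_entropy_bits(length, bits_per_glyph), cipher_key_bits)
    return days_to_exhaust(bits, parallel_units_for_budget(budget_usd))


if __name__ == "__main__":
    print("32 glyphs of English ~", passphrase_entropy_bits(32), "bits")
    print("one Deep Crack vs 64 bits:", days_to_exhaust(64), "days")
    print("$1e9 of Deep Cracks vs 32 glyphs:",
          round(days_for_passphrase(32, 1_000_000_000), 3), "days")
    print("glyphs to match a random 128-bit key:", glyphs_for_target(128))
```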




Re: [OT] passphrases Was: Re: Allowing paste into pinentry-gtk-2?

2011-04-17 Thread Johan Wevers
On 17-04-2011 4:56, Todd A. Jacobs wrote:

> While I'm not disputing that you've created a reasonably strong
> passphrase, my original point was that any passphrase that isn't fully
> random has a reduced keyspace.

I thought that was the main reason for using a hash of the
password/phrase as symmetric key, to utilize the whole keyspace. And of
course to have a key of the correct length out of any length password
without possibly cutting it off or padding with zeroes (giving a reduced
keyspace) as an added bonus.

-- 
With kind regards,

Johan Wevers




Re: [OT] passphrases Was: Re: Allowing paste into pinentry-gtk-2?

2011-04-16 Thread Robert J. Hansen
> While I'm not disputing that you've created a reasonably strong
> passphrase, my original point was that any passphrase that isn't fully
> random has a reduced keyspace. I'm not enough of a mathemagician to
> say how much it's reduced, but it's certainly reduced by a non-zero
> amount.

The best numbers I've seen regarding passphrase entropy suggest that plain 
English text has in the neighborhood of 1.5 to 2.5 bits of entropy per glyph.  
Just FYI.  You can find these numbers in Shannon's original works on entropy, 
among other places.




Re: [OT] passphrases Was: Re: Allowing paste into pinentry-gtk-2?

2011-04-16 Thread Todd A. Jacobs
On Sat, Apr 16, 2011 at 11:00 AM, Peter Pentchev wrote:
> Mine, for instance, is over 30 characters long and, while it is derived
> from a couple of phrases, none of its components would be found by any
> reasonable brute-force or even dictionary attack, even by people who
> know me (please note that I did say "reasonable" WRT resources).

So, no common prefixes, suffixes, or parts of words? No syntactical
regularities, such as punctuation at the end of a sentence? No
language-specific diphthongs, digraphs, etc.? No regular substitutions
(e.g. 3 for E)? So on and so forth. :)

While I'm not disputing that you've created a reasonably strong
passphrase, my original point was that any passphrase that isn't fully
random has a reduced keyspace. I'm not enough of a mathemagician to
say how much it's reduced, but it's certainly reduced by a non-zero
amount.

Consider:

Th qk brwn fx jmpd vr th lz dg.

None of the words are in an English language dictionary, but I can't
imagine anyone saying this would be resistant to a dictionary attack,
since any good cryptographic dictionary would probably take such
regular transformations into account. At 32 characters, it's certainly
random enough to stump a human's brute force attempts, but I wouldn't
hold it up as the gold standard for protecting cryptographic keys.



[OT] passphrases Was: Re: Allowing paste into pinentry-gtk-2?

2011-04-16 Thread Peter Pentchev
On Fri, Apr 15, 2011 at 11:47:34PM -0700, Todd A. Jacobs wrote:
> Currently, it looks like pinentry-gtk-2 (I'm using 0.8.0) doesn't allow
> pasting from the clipboard. This is annoying, because a truly long,
> randomized password is not practical to type into a hidden dialog box. It
> really seems like pinentry forces one to use short, insecure passwords.

Uhm, somewhat off-topic (so marked in the subject line), and... I really
don't want to start a flamewar here, but there really, really *is* a bit
of a middle ground between a "short, insecure passphrase" and a "long,
randomly-generated one that simply must be copy/pasted" - namely, a
long, non-randomly generated one that can be written out "by hand" :)
Mine, for instance, is over 30 characters long and, while it is derived
from a couple of phrases, none of its components would be found by any
reasonable brute-force or even dictionary attack, even by people who
know me (please note that I did say "reasonable" WRT resources).

> One
> supposes there is a trade-off in security here, but I'm more concerned about
> brute-force attacks on the passphrase than I am about someone sniffing the
> clipboard--it seems that if they have access to my clipboard, they can
> probably log my keystrokes, anyway, right? So offline attacks against the
> key's passphrase seem more likely.
> 
> So, I really have two questions. First, is it possible to force pinentry
> dialogs to allow pasting from the clipboard? Secondly, is it possible to
> force the CLI to use an alternate pinentry (say, pinentry-curses) or some
> other method to populate an existing gpg-agent with a cached passphrase?

G'luck,
Peter

-- 
Peter Pentchev  r...@ringlet.net r...@freebsd.org pe...@packetscale.com
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
If this sentence were in Chinese, it would say something else.

