On Mon, May 31, 2010 at 9:17 AM, Bram Moolenaar <b...@moolenaar.net> wrote:
>
> Mohsin wrote:
>
>> Attaching patch7.zip encryption Key_strengthening
>>
>> Changes:
>> 1. added 8 bytes salt to file header,
>> 2. sha256_key takes password, salt, salt_len (salt is binary, not
>>    null terminated)
>> 3. sha256_seed also generates salt along with iv.
>> 4. bf_key_init takes password and salt.
>> 5. bf_key_init converts ascii hex key[64] to binary key[32] (this
>>    change is independent of the 1..4 above)
>>
>> Also attached is vc-proj.zip (contains dsp and dsw project files).
>> The HG repository didn't have these files, so I copied them from an
>> older source tree.
>> Might be useful to others on this list using vc++ on windows to debug.
>
> Can you explain what this does, how it makes the encryption stronger,
> and if there is any impact on performance? A link to a page that
> explains it would be helpful.

Here is the doc for salting, this can be added to the code:
http://en.wikipedia.org/wiki/Key_strengthening

Its summary is:

The salt is a random number concatenated to the password to create a
one-time key. This prevents someone from precomputing keys
(dictionary), because the salt is different in each file.

The key computation is slowed down for offline attack; this prevents
someone with the file+salt, but not the password, from using brute
force. That is, they feed all passwords 'a', 'aa', ... but they should
NOT have enough time to try all 8 char passwords.

===
Other docs that relate to this code:
http://en.wikipedia.org/wiki/Blowfish_%28cipher%29
http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
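
The salting and slowdown summarized in this message, as an added Python example that is not part of the original post or of the Vim patch. Only the 8-byte salt length comes from the message; the iterated SHA-256 construction, the iteration count and all function names are assumptions chosen for illustration.

```python
import hashlib
import os

SALT_LEN = 8       # salt size named in the message (8 bytes in the file header)
ITERATIONS = 1000  # assumed work factor for this sketch, not a value from the patch


def strengthen_key(password, salt, iterations=ITERATIONS):
    """Derive a 32-byte key by hashing password + salt `iterations` times."""
    pw = password.encode("utf-8")
    key = hashlib.sha256(pw + salt).digest()
    for _ in range(iterations - 1):
        # Each round depends on the previous one, so the work cannot be
        # skipped, and it must be redone for every distinct salt.
        key = hashlib.sha256(key + pw + salt).digest()
    return key


def new_file_key(password):
    """Draw a fresh random salt for one file and return (salt, key)."""
    salt = os.urandom(SALT_LEN)  # stored unencrypted next to the ciphertext
    return salt, strengthen_key(password, salt)


def precomputed_table(wordlist):
    """Key -> password table that can be built once when no salt is used."""
    return {strengthen_key(word, b""): word for word in wordlist}


def demo():
    words = ["a", "aa", "letmein"]  # constructed sample wordlist
    table = precomputed_table(words)
    salt1, key1 = new_file_key("letmein")
    salt2, key2 = new_file_key("letmein")
    return {
        # Without a salt the table built in advance recovers the password.
        "unsalted_key_in_table": strengthen_key("letmein", b"") in table,
        # With per-file salts the same table matches neither file.
        "salted_key_in_table": key1 in table or key2 in table,
        # The same password yields unrelated keys in two files.
        "same_password_same_key": key1 == key2,
        # Hash calls needed to test one guess against one file.
        "hash_calls_per_guess": ITERATIONS,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Raising `ITERATIONS` slows legitimate decryption and every offline guess by the same factor, which is the performance trade-off asked about in the quoted question.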