Re: my KDF vs dictionary attacks
- From: "Antony Clements" <antony.clements@xxxxxxxxxxx>
- Date: Sun, 23 Mar 2008 01:01:28 GMT
"David Eather" <eather@xxxxxxxxxx> wrote in message
news:13uauj5pn9sfcdc@xxxxxxxxxxxxxxxxxxxxx

> Terminology might be catching you here. Using the hash function rather
> than applying the password as a key directly is a good move. "Stretching"
> has a meaning of making the password to key function take more time.

ahh ok thanks for the clarification on that one, i thought it was just making
it fit the key length requirements of the cypher

> Not trivial, but certainly possible. This is what password stretching
> helps with. Because the password to key function now takes time to
> compute, a smaller number of possibilities may be sufficient; the reason is
> that it takes more time to find the key, and with a little bit of luck or
> design that can be pushed into the realms of infeasible for the attacker.
> 2^512 is a massive number. Having a known s-box is not a problem; almost
> all crypto algorithms have known s-boxes (also, linear is a crypto term with
> a specific meaning. Most s-boxes are reasonably non-linear).

as i said, once the input to the sbox is known, every output is known, i need
to redesign it, some help on that front would be appreciated

> I am assuming you are using the hash function to assemble a stream cipher.
> The number of iterations does make a difference for the starting point.
> No one can search the entire 2^512 outputs that are possible, so they will
> attack by trying to find the password - making the initial password to key
> transform slow makes the attacker's work more difficult. The wiki example
> for example adds the equivalent of 16 bits more to the key because of the
> time it takes.

yes i am creating a stream cipher that processes 4 bytes at a time, each
call to the encypher function processes a total of 64 bytes, or one block of
key

i modified my code this morning to iterate 65536 times (please note i am
also making a correction to the pseudo-code)

    key = hash( password + salt )
    for i = 1 to 65536 do
    f(key & hex(i))
    salt = sbox(salt)
    key = hash( key + salt )

> There are other answers possible, for example I don't understand your
> question. I can't see any reason to do what I think you are suggesting. I
> don't know why you are thinking of a 200000 entry dictionary of
> pass-phrases, why you want one, or why you want to expand it. To compete
> with the wiki example you would want something like 13,107,200,000
> entries.

the wiki entry on cryptographic salts uses 200,000 dictionary entries, i
used that value as well because without a given size of dictionary the
calculation would not have been possible, it in no way indicates the size of
any dictionary in use now or in the future

in fact, if the user makes use of non english characters as well as english
characters, the attacker would need to compile a dictionary size of 2^128 to
test every possibility of a 16 character pass phrase

ok let me rephrase the question, i'll break it up into two parts for ease of
reading

part 1)
assume a user key of 128-bits that uses only english words and letters,
would the dictionary to attack such a pass phrase be smaller than if the
pass phrase input from the user utilized every possible character within the
byte table? by byte table i am referring to characters
null - ÿ.

part 2)
given that there are 4 possible key sizes that can be utilized by the user,
would an attacker need to compile a dictionary for all key sizes
irrespective of if the pass phrase only uses english words or not?

> You are just SO LUCKY that JP no longer posts here.

i expect he would have flamed me til the cows came home and then plonked me,
much like most people here have done, minus the excessive flaming
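
An added example, not part of the original post or thread, that works through the figures discussed above: 65536 iterations add 16 bits of work, the 200,000-entry list costs as much as 13,107,200,000 unstretched guesses, and a table stretched for one salt does not carry over to another. PBKDF2-HMAC-SHA512 stands in for the poster's own hash and s-box construction (an assumption), and the function names and four-word list are constructed for illustration.

```python
import hashlib
import math

ITERATIONS = 65536      # iteration count from the post
DICT_SIZE = 200_000     # dictionary size quoted in the thread

def stretch(password: bytes, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Salted, iterated password-to-key transform producing a 512-bit key.
    PBKDF2-HMAC-SHA512 is an assumption; the post's f() and sbox() are not shown."""
    return hashlib.pbkdf2_hmac("sha512", password, salt, iterations, dklen=64)

def equivalent_entries(candidates: int, iterations: int) -> int:
    """Unstretched guesses that cost the same as trying every candidate once."""
    return candidates * iterations

def cost_bits(candidates: int, iterations: int) -> float:
    """log2 of the PRF calls needed to test every candidate against one salt."""
    return math.log2(equivalent_entries(candidates, iterations))

def keyspace_bits(alphabet_size: int, length: int) -> float:
    """log2 of the number of strings of `length` symbols over the alphabet."""
    return length * math.log2(alphabet_size)

def table_for_salt(words, salt: bytes, iterations: int) -> dict:
    """Stretched key -> word for one salt; it must be rebuilt for every other salt."""
    return {stretch(w, salt, iterations): w for w in words}

if __name__ == "__main__":
    print("bits added by stretching:", math.log2(ITERATIONS))
    print("equivalent unstretched entries:", equivalent_entries(DICT_SIZE, ITERATIONS))
    print("work for the 200,000-entry list: 2^%.1f" % cost_bits(DICT_SIZE, ITERATIONS))
    print("16 lowercase letters: 2^%.1f" % keyspace_bits(26, 16))
    print("16 arbitrary bytes:   2^%.1f" % keyspace_bits(256, 16))
    words = [b"correct", b"horse", b"battery", b"staple"]  # constructed sample list
    table = table_for_salt(words, b"salt-A", 1000)          # reduced count for a quick run
    print("same salt: ", table.get(stretch(b"horse", b"salt-A", 1000)))
    print("other salt:", table.get(stretch(b"horse", b"salt-B", 1000)))
```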