Re: your mail
From: Ted Unangst (tedu zeitbombe.org)
Date: Mon Jan 03 2005 - 20:51:21 CST
On Mon, 3 Jan 2005, Roland C. Dowdeswell wrote:
> Yes, and it is well accepted that passwords/passphrases do not
> generally contain enough randomness to resist dictionary attacks.
> The fact that vnd does not use a salt means that the attack only
> needs to be performed once---and it would surprise me if someone
> was not sitting on a large disk farm with the 2^30 or so most common
> passphrases already brute-forced.
i have to admit, i hadn't thought too much about passphrase/key security,
and didn't look at what cgdconfig did in much detail when porting it.
but given the speed of computers, how much do you think 1 sec key
generation times will slow an attacker down? at one guess per second,
2^30 is 34 years. with 10000 computers, that's only 12 days. there's
just too much known plaintext on the disk. i think this is where gbde
wins. maybe it needs a bit of key management, but the encryption method
it uses impresses me a lot more.
> You can't really claim that svnd is just old junk file, because:
>
> 1. gzip -9 will cause the file to grow which is a good
> clue that the contents were encrypted or at least
> random, and
call it "Star Wars - Episode 3.mpg". you can even put a valid mpeg header
at the front of it. just cause it doesn't play doesn't mean you didn't
expect it to when you downloaded it. certainly happened to me. :)
while i have your attention, i think there's some confusion regarding
milliseconds and microseconds in your calibration routines. for a
certainty, calibrate did not work as advertised on openbsd (even
correcting the ret -> 10000 change i slipped into the posted version).
--
desire is not an occupation
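
The two points discussed in this message, a calibrated key-generation time and the missing salt, as an added example that is not part of the original post and is not code from vnd or cgdconfig. The use of PBKDF2-HMAC-SHA1, the parameter sizes, and the names `derive_key`, `calibrate`, `new_volume` and `volumes_sharing_keys` are assumptions of the example.

```python
import hashlib
import os
import time

def derive_key(passphrase: bytes, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA1, 32-byte key (parameters are assumptions of this example)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, salt, iterations, dklen=32)

def calibrate(target_us: int, probe_iters: int = 20_000, clock=time.perf_counter) -> int:
    """Iteration count for which one derivation takes about target_us microseconds.

    clock() returns seconds; the conversion to microseconds happens exactly
    once, so a target of 1_000_000 means one second, not 1000 seconds.
    """
    start = clock()
    derive_key(b"calibration", b"\x00" * 16, probe_iters)
    elapsed_us = max((clock() - start) * 1_000_000, 1.0)
    return max(1, int(probe_iters * target_us / elapsed_us))

def new_volume(passphrase: bytes, iterations: int, salted: bool) -> dict:
    """Hypothetical per-volume parameter record: salt, iteration count, key."""
    # "No salt" is modelled as the same constant for every volume.
    salt = os.urandom(16) if salted else b"\x00" * 16
    return {"salt": salt, "iterations": iterations,
            "key": derive_key(passphrase, salt, iterations)}

def volumes_sharing_keys(volumes: list) -> int:
    """Number of volumes whose key also protects another volume.

    Any nonzero result means work spent on one volume carries over to others.
    """
    keys = [v["key"] for v in volumes]
    return sum(1 for k in keys if keys.count(k) > 1)

if __name__ == "__main__":
    iters = calibrate(target_us=1_000_000)
    print("iterations for ~1 s on this machine:", iters)
    pw = b"constructed example passphrase"  # constructed sample input
    unsalted = [new_volume(pw, 1000, salted=False) for _ in range(3)]
    salted = [new_volume(pw, 1000, salted=True) for _ in range(3)]
    print("unsalted volumes sharing a key:", volumes_sharing_keys(unsalted))
    print("salted volumes sharing a key:", volumes_sharing_keys(salted))
```

The `clock` parameter exists so the unit handling in `calibrate` can be checked with a fixed pair of timestamps instead of real timing.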