(mostly done) |
m (→Attacks) |
||
| Line 28: | Line 28: | ||
; Primary Server and Friends : the primary/secondary server holds the WUK, as well as other verification data used to decide whether to honor requests to update the WUK later, both of which can be used to attack the user's password and thus the Password-Wrapping-Key (PWK), which then combines with the WUK to get the ultimate goal: the User Key (UK). This category of attacker includes anyone who can get access to the WUK: admins of the server, anyone who successfully breaks into the server or gets a copy of a backup disk, and any party who can coerce/subpoena the admins into revealing a WUK. | ; Primary Server and Friends : the primary/secondary server holds the WUK, as well as other verification data used to decide whether to honor requests to update the WUK later, both of which can be used to attack the user's password and thus the Password-Wrapping-Key (PWK), which then combines with the WUK to get the ultimate goal: the User Key (UK). This category of attacker includes anyone who can get access to the WUK: admins of the server, anyone who successfully breaks into the server or gets a copy of a backup disk, and any party who can coerce/subpoena the admins into revealing a WUK. | ||
In general, attacks must start | In general, attacks must start by stealing/possessing an | ||
"oracle" value (like the MAC portion of the WUK) which allows them to test | "oracle" value (like the MAC portion of the WUK) which allows them to test | ||
whether a given password is correct or not. Then the attacker generates | whether a given password is correct or not. Then the attacker generates | ||
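Review bot: In the revised sentence at Line 28 ("attacks must start by stealing/possessing an "oracle" value"), the only oracle named is the MAC portion of the WUK, while the definition directly above says the server also holds "other verification data" that can be used to attack the user's password. Name that data as a second oracle here, or say why it is excluded, so the two passages agree. "stealing/possessing" would also read better as "obtaining", since the server admins listed in the definition already hold the WUK and have nothing to steal.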