m (→Attacks) |
|||
| Line 45: | Line 45: | ||
To start with, it's reasonable to hope that the user's password contains | To start with, it's reasonable to hope that the user's password contains | ||
about 35 bits of entropy (when expressed as groups of purely-random base32 | about 35 bits of entropy (when expressed as groups of purely-random base32 | ||
characters, this looks like "rf-o5m-t6"). | characters, this looks like "rf-o5m-t6"). Some users may use better | ||
generation techniques, some worse. The attacker's costs scale directly with | |||
the space of passwords that must be searched: a user who can make passwords | |||
with 40 bits of entropy will increase the attacker's costs by 32x over the | |||
baseline explored here. | |||
PBKDF is basically multiple rounds of SHA256 hashing, designed to increase | PBKDF is basically multiple rounds of SHA256 hashing, designed to increase | ||
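Review bot: the added right-hand sentence "will increase the attacker's costs by 32x over the baseline explored here" leaves the reader to work out where 32 comes from. Say that each extra bit of entropy doubles the search space, so 40 bits against the 35-bit baseline is 2^5 = 32. "Scale directly with the space of passwords" would read more precisely as scaling linearly with the number of candidate passwords. The new "some better, some worse" sentence is only followed by a figure for the better case; a matching figure for a weaker password (30 bits would be 32x cheaper to search) would keep the 35-bit baseline from being read as a lower bound.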