[tahoe-dev] Idea for a Publish/Subscribe Message System on Tahoe-LAFS

Shawn Willden shawn at willden.org
Sun Apr 8 21:13:59 UTC 2012


I find that strip rather disappointing (even after correcting the URL so it
works).  Munroe usually does his homework better than that.  44 bits of
entropy really isn't very much these days, and his estimate of 550 years to
guess assumes a 1000 passwords per second testing rate, which is at least
three orders of magnitude too low -- for a single CPU.  Throw a thousand
CPUs at it (not terribly difficult or expensive using Amazon or similar)
and you can easily exceed a billion tests per second for many common
password hashing algorithms.

On Sun, Apr 8, 2012 at 11:47 AM, Ted Rolle, Jr. <stercor at gmail.com> wrote:

>  http://www.xkcd.cm/936
>
>
> On 04/08/2012 08:10 AM, Jeffrey Burdges wrote:
>
> There is an enormous risk of a rainbow table attack on the key space by a
> malicious server, but maybe you could move the proof-of-work to the key
> space side to reduce this. An independent source picks a new key seed every
> n months, thus forcing the searcher to hash their searches using all
> previous seeds, but preventing the server from using rainbow tables as
> effectively. I would also be interested in working on such a weakly secure
> search infrastructure project. I'm rather surprised that nobody has built
> this or similar yet actually, it's trivial conceptually and not too hard to
> implement. Jeff Burdges _______________________________________________
> tahoe-dev mailing list tahoe-dev at tahoe-lafs.org
> https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
>
>
> _______________________________________________
> tahoe-dev mailing list
> tahoe-dev at tahoe-lafs.org
> https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
>
>


-- 
Shawn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tahoe-lafs.org/pipermail/tahoe-dev/attachments/20120408/9fd654e1/attachment.html>


More information about the tahoe-dev mailing list