[tahoe-dev] Idea for a Publish/Subscribe Message System on Tahoe-LAFS

James A. Donald jamesd at echeque.com
Sun Apr 8 23:26:58 UTC 2012


On 2012-04-09 7:13 AM, Shawn Willden wrote:
> I find that strip rather disappointing (even after correcting the URL so it
> works).  Munroe usually does his homework better than that.  44 bits of
> entropy really isn't very much these days, and his estimate of 550 years to
> guess assumes a 1000 passwords per second testing rate, which is at least
> three orders of magnitude too low -- for a single CPU.

Not so: Rather, two orders of magnitude too high.

Normally, in systems potentially subject to offline attack, the 
programmer has a slow and elaborate system for deriving the key from the 
passphrase.

The key derivation should take around a third of a second or so if done 
on the same system on which the encryption was done, so the offline 
attack typically can do three passwords per second, more if the offline 
attack is done on a powerful system, but a thousand passwords per second 
is a very powerful attack system.

In systems subject to online attack, the server should penalize the IP 
address, the entire group of IP addresses, and the username for each 
wrong guess with slower and slower service.
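
Added example, not part of the original message: a minimal sketch of the online-attack throttling described above, where every wrong guess is charged to the IP address, its address group and the username, and the delay doubles per wrong guess. The class name, the /24 and /64 grouping, and the delay constants are assumptions chosen for illustration.

```python
import ipaddress

BASE_DELAY = 0.5        # seconds of delay after the first wrong guess (assumed)
MAX_DELAY = 3600.0      # cap on any single delay (assumed)
FORGET_AFTER = 86400.0  # a quiet day clears a key's history (assumed)


class LoginThrottle:
    """Slows service per IP address, per IP group and per username."""

    def __init__(self):
        self.state = {}  # key -> (wrong_guesses, time_of_last_wrong_guess)

    @staticmethod
    def keys(ip, username):
        addr = ipaddress.ip_address(ip)
        # Assumption: "group of IP addresses" means the /24 (IPv4) or /64 (IPv6).
        prefix = 24 if addr.version == 4 else 64
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        return [("ip", str(addr)), ("net", str(net)), ("user", username.lower())]

    def _delay(self, key, now):
        count, last = self.state.get(key, (0, 0.0))
        if count == 0 or now - last > FORGET_AFTER:
            return 0.0
        # Delay doubles with each wrong guess; exponent is bounded to stay finite.
        delay = min(MAX_DELAY, BASE_DELAY * 2 ** min(count - 1, 20))
        return max(0.0, last + delay - now)

    def wait_time(self, ip, username, now):
        """Seconds before the next attempt for this (ip, username) is served."""
        return max(self._delay(k, now) for k in self.keys(ip, username))

    def record_failure(self, ip, username, now):
        for key in self.keys(ip, username):
            count, last = self.state.get(key, (0, 0.0))
            if now - last > FORGET_AFTER:
                count = 0
            self.state[key] = (count + 1, now)


def demo():
    """Constructed scenario: one username guessed from five rotating addresses."""
    t = LoginThrottle()
    now = 1000.0
    for i in range(5):
        t.record_failure(f"203.0.113.{i + 1}", "alice", now)
    return (t.wait_time("203.0.113.200", "bob", now),   # same /24, other user
            t.wait_time("198.51.100.7", "alice", now),  # other network, same user
            t.wait_time("198.51.100.7", "bob", now))    # unrelated client
```

Rotating source addresses inside one /24 does not help the guesser here: the group and username counters both reach five, so a fresh address in that range and a fresh network targeting the same username each wait 8 seconds, while an unrelated client is served immediately.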

