[Cryptography] Why don't we protect passwords properly?
Bill Cox
waywardgeek at gmail.com
Fri Dec 20 23:00:29 EST 2013
I only dabble in crypto because it's way cool, but I keep seeing signs
of either serious ignorance, or amazingly clever social engineering.
Which is it?

For example, last month I pointed out on the TrueCrypt list that their
key stretching is a joke, at least if you want to protect data from any
organization with many millions of dollars to spend on brute-force
password guessing hardware. TrueCrypt's strongest option of 2000 rounds
of AES-512 key stretching is simply not enough to protect passwords real
Facebook users can remember. SHA-XXX (all of them) seem to have been
designed specifically to be cheap and fast to compute in custom
hardware, while taking forever to compute on modern CPUs. I especially
like the bit position swaps which don't take any computation at all in
hardware. I thought that was a mistake on the web page when I read it
the first time.

Scrypt, used by FreeCoin, shows how to do truly effective key
stretching, which can protect typical Facebook passwords from even the
most well-funded government spy agencies. Nevertheless, the most common
tools in use don't include effective key stretching. TrueCrypt is an
open source project hosted out of Spain, yet the devs are silent when
asked about their ineffective key stretching choice. GPG and ssh don't
key stretch at all by default, AFAIK. How is it possible that the
open-source devs who invented and wrote these amazing tools fail to
understand basic password security?

I want a straight answer, and I truly don't know what it is. Is it
scary tall dudes in dark suits, or seriously ignorant devs?
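As an added illustration of the post's comparison (not code from the post or from TrueCrypt or scrypt), the block below measures a 2000-round iterated stretcher against a memory-hard scrypt configuration and turns the per-guess cost into an expected attack time for a password of a given entropy. The salt, password, entropy and parallelism figures are constructed assumptions; PBKDF2-HMAC-SHA512 stands in for TrueCrypt's iterated derivation, and scrypt's 128*r*N bytes of RAM per guess is the figure the post's hardware argument turns on.

```python
import hashlib
import time

# Constructed sample inputs for this example; not values from the post.
SALT = b"constructed-salt-for-demo-only"
PASSWORD = b"correct horse battery staple"

def stretch_iterated(password: bytes, rounds: int = 2000) -> bytes:
    """Iterated key stretching of the kind the post criticises: PBKDF2-HMAC-SHA512
    with only 2000 rounds. Each round is a small fixed computation with no memory
    cost, which is what makes it cheap to replicate in custom hardware."""
    return hashlib.pbkdf2_hmac("sha512", password, SALT, rounds, dklen=64)

def stretch_scrypt(password: bytes, n: int = 2**14, r: int = 8, p: int = 1) -> bytes:
    """Memory-hard key stretching with scrypt: every guess must touch 128*r*N bytes
    of RAM, so per-guess cost scales with memory, not only with gate count."""
    return hashlib.scrypt(password, salt=SALT, n=n, r=r, p=p, maxmem=2**27, dklen=64)

def scrypt_memory_bytes(n: int, r: int) -> int:
    """RAM needed per scrypt evaluation (its V table): 128 * r * N bytes."""
    return 128 * r * n

def seconds_per_guess(fn, password: bytes, reps: int = 3) -> float:
    """Wall-clock cost of one guess on this machine, averaged over reps runs."""
    start = time.perf_counter()
    for _ in range(reps):
        fn(password)
    return (time.perf_counter() - start) / reps

def expected_attack_seconds(entropy_bits: float, sec_per_guess: float, parallel_units: int) -> float:
    """Expected time to find a password of the given entropy: on average half the
    space is searched, and parallel hardware divides the wall-clock time."""
    return (2 ** (entropy_bits - 1)) * sec_per_guess / parallel_units

def compare(entropy_bits: float = 40, parallel_units: int = 1) -> dict:
    """Time both stretchers here and report the expected attack time in years
    for a password of entropy_bits bits against parallel_units units at this speed."""
    out = {}
    for name, fn in (("pbkdf2_sha512_2000", stretch_iterated), ("scrypt_16MiB", stretch_scrypt)):
        spg = seconds_per_guess(fn, PASSWORD)
        years = expected_attack_seconds(entropy_bits, spg, parallel_units) / (365 * 86400)
        out[name] = {"sec_per_guess": spg, "expected_attack_years": years}
    out["scrypt_memory_bytes"] = scrypt_memory_bytes(2**14, 8)
    return out

if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

The CPU timings understate the gap the post describes: custom hardware shrinks the per-guess cost of the iterated stretcher far more than it shrinks scrypt's, because each scrypt guess still needs its 16 MiB of memory.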