[Cryptography] Recommendations for short AES passphrases

Michael Kjörling michael at kjorling.se
Sun Sep 18 16:49:23 EDT 2016


On 18 Sep 2016 14:04 -0400, from kentborg at borg.org (Kent Borg):
> On 09/17/2016 08:01 AM, ıuoʎ wrote:
>> If I assumed a medium adversary can try a Million keys a second
> 
> I finally saw Citizenfour, and the voiceover at the beginning said
> to assume that they can try a trillion keys a second. That would
> be the US government, ~3-years ago, in a case where they are really
> pissed. Other cases would be slower.

It's also assuming that these "keys" being tested are actually PGP or
GnuPG private key passphrases. OpenPGP s2k is deliberately relatively
computationally intensive, though I don't know how it compares to a
modern PBKDF.

I did some math for a reply I later threw away, based on the numbers
at [1], and came up with a single 2.2 GHz AMD Opteron 8354 being able
to test somewhere close to 2.5M keys per second in AES/ECB mode with a
single block of data.

 [1]: https://cryptopp.com/benchmarks.html
 also https://web.archive.org/web/20160821004436/https://cryptopp.com/benchmarks.html

-- 
Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)
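
Added example, not part of the original message or of any OpenPGP implementation: the RFC 4880 iterated and salted S2K written out in Python, to show what one passphrase guess costs compared with a bare AES key trial. The function names, the SHA-256 default, the sample passphrase and the 1e9 bytes/s hashing rate are assumptions made for illustration.

```python
import hashlib

def s2k_count(c: int) -> int:
    """Decode the one-octet coded count (RFC 4880, section 3.7.1.3)."""
    if not 0 <= c <= 255:
        raise ValueError("coded count is a single octet")
    return (16 + (c & 15)) << ((c >> 4) + 6)

def iterated_salted_s2k(passphrase: bytes, salt: bytes, c: int,
                        key_len: int = 16, hash_name: str = "sha256") -> bytes:
    """Derive key_len octets with the iterated and salted S2K."""
    if len(salt) != 8:
        raise ValueError("S2K salt is 8 octets")
    data = salt + passphrase
    # The count is octets hashed, not rounds, and salt+passphrase is always
    # hashed in full at least once even when the decoded count is smaller.
    count = max(s2k_count(c), len(data))
    reps, tail = divmod(count, len(data))
    out, ctx = b"", 0
    while len(out) < key_len:
        h = hashlib.new(hash_name)
        h.update(b"\x00" * ctx)  # each extra hash context is preloaded with zeros
        for _ in range(reps):
            h.update(data)
        h.update(data[:tail])
        out += h.digest()
        ctx += 1
    return out[:key_len]

def guesses_per_second(hash_bytes_per_second: float, c: int, data_len: int) -> float:
    """Passphrase guesses per second when the hashing dominates each guess."""
    return hash_bytes_per_second / max(s2k_count(c), data_len)

def years_to_exhaust(entropy_bits: float, rate: float) -> float:
    """Years to try every passphrase in a 2**entropy_bits space at `rate`."""
    return 2.0 ** entropy_bits / rate / (365.25 * 24 * 3600)

if __name__ == "__main__":
    salt, pw = bytes(range(8)), b"constructed sample passphrase"
    print(iterated_salted_s2k(pw, salt, 96).hex())
    # ASSUMPTION: 1e9 hashed bytes/s per core is a placeholder, not a measurement.
    for c in (0, 96, 255):
        rate = guesses_per_second(1e9, c, len(salt) + len(pw))
        print(c, s2k_count(c), f"{rate:,.0f} guesses/s",
              f"{years_to_exhaust(40, rate):.3g} years for 40 bits")
```

The coded count sets how many octets are hashed per guess, from 1024 (c = 0) to 65011712 (c = 255), so the attainable guess rate falls in proportion as the count is raised.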

