[Cryptography] generated passphrases
Arnold Reinhold
agr at me.com
Fri Aug 16 18:18:42 EDT 2019
> On Aug 14, 2019, at 8:36 PM, Kent Borg <kentborg at borg.org> responded:
>
> I think key stretching is a great idea...that I don't want to depend on. The idea of devising incremental, necessarily serial work, that will necessarily take lots of time even of a well-financed foe, yet still cheap enough to do on a little battery while I wait? A nice idea, but I remain skeptical. (And ignorant, I admit.)
>
Fort wide adoption of technologies like cyber currencies, I submit there is no choice but to depend on key stretching. The size of secrets needed are too big for most people to memorize. (People on this list, motivated crypto nerds, are hardly typical users.) There are key stretching hash algorithms with proofs of memory hardness (e.g. Balloon, Argon2) that can increase required processing time and silicon area each by a factor of at least 100,000 on ordinary portable devices with negligible battery draw. Combined, that's a total gain of about 35 bits over SHA256(passphrase). Using the GPUs on these devices might gain another 8 bits or so. That is a big reduction in the the amount of entropy a user needs to memorize and enter to achieve high security.
Arnold Reinhold
More information about the cryptography
mailing list