Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine

Re^5: Opening an Encrypted DB_File database

by iburrell (Chaplain)
on Jul 14, 2004 at 20:35 UTC ( #374432=note: print w/replies, xml ) Need Help??

in reply to Re^4: Opening an Encrypted DB_File database
in thread Opening an Encrypted DB_File database

Using two different ciphers and two 256-bit keys is overkill. One good symmetric cipher is the strongest part of any cryptosystem. The 256-bit key is well beyond being brute forces. The password, and system for making the key from the password, are the weak point. 2^256 is much larger than 10^16.
  • Comment on Re^5: Opening an Encrypted DB_File database

Replies are listed 'Best First'.
Re^6: Opening an Encrypted DB_File database
by crabbdean (Pilgrim) on Jul 15, 2004 at 11:47 UTC
    Yeah, a bit of overkill but looking forward I considered that a year ago 128 bit used to be considered strong, whereas, a year later its not. Yeah, the password bit is the weakpoint but I'm not sure how to strengthen that. I have to consider that a users must get into the program somehow (relatively easily) but also consider that IF a hacker got in they'd then have access to ALL their passwords. Its needs a good strong front door. :-) Any ideas are welcome.

    Also, how did you derive 10^16? Just curious. Thanks again.

    The Funkster of Mirth
    Programming these days takes more than a lone avenger with a compiler. - sam
    RFC1149: A Standard for the Transmission of IP Datagrams on Avian Carriers

      128 bits is still strong and will be for the forseeable future, excepting a sudden mathmatical breakthrough. Further, the cost to brute force rises exponentially with the keysize and can easily outpace Moore's Law.

      You would do well to pick up a copy of "Applied Cryptography" (or "Practical Cryptography", which is sort of the updated version, but I haven't read it myself yet). In particular, you may find the chapter on combining ciphers enlightening. You can't just put two 256-bit ciphers together and get a 512-bit cipher. IIRC, you're not worse off (security-wise) than if you had only used one cipher, but you're probably no better off, either. It's possible to combine ciphers, but it has to be done carefuly.

      send money to your kernel via the boot loader.. This and more wisdom available from Markov Hardburn.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://374432]
[choroba]: Well, merging two hashes recursivelly is not that hard either, but...
[Corion]: choroba: Yeah - I think I used (and extended) Hash::Merge for recursive merging
[Corion]: I still wonder if I should maybe publish Config::Collect, which (I think) is the dumb hash merger
[Corion]: It still needs some more ways of specifying defaults (in memory) and loading files (user-supplied loader(s)/ callbacks?), and the app-specific parts ripped out...
[Corion]: Also, the Config::Spec part(s) need more work to document how to pass in things from a data structure and from %ENV (or any other hash)

How do I use this? | Other CB clients
Other Users?
Others browsing the Monastery: (8)
As of 2018-02-23 19:28 GMT
Find Nodes?
    Voting Booth?
    When it is dark outside I am happiest to see ...

    Results (310 votes). Check out past polls.