
Re^5: Opening an Encrypted DB_File database

by iburrell (Chaplain)
on Jul 14, 2004 at 20:35 UTC (#374432)


in reply to Re^4: Opening an Encrypted DB_File database
in thread Opening an Encrypted DB_File database

Using two different ciphers and two 256-bit keys is overkill. One good symmetric cipher is the strongest part of any cryptosystem. The 256-bit key is well beyond being brute forced. The password, and system for making the key from the password, are the weak point. 2^256 is much larger than 10^16.


Re^6: Opening an Encrypted DB_File database
by crabbdean (Pilgrim) on Jul 15, 2004 at 11:47 UTC
    Yeah, a bit of overkill but looking forward I considered that a year ago 128 bit used to be considered strong, whereas, a year later it's not. Yeah, the password bit is the weak point but I'm not sure how to strengthen that. I have to consider that a user must get into the program somehow (relatively easily) but also consider that IF a hacker got in they'd then have access to ALL their passwords. It needs a good strong front door. :-) Any ideas are welcome.

    Also, how did you derive 10^16? Just curious. Thanks again.

    Dean
    The Funkster of Mirth
    Programming these days takes more than a lone avenger with a compiler. - sam
    RFC1149: A Standard for the Transmission of IP Datagrams on Avian Carriers

      128 bits is still strong and will be for the foreseeable future, excepting a sudden mathematical breakthrough. Further, the cost to brute force rises exponentially with the keysize and can easily outpace Moore's Law.

      You would do well to pick up a copy of "Applied Cryptography" (or "Practical Cryptography", which is sort of the updated version, but I haven't read it myself yet). In particular, you may find the chapter on combining ciphers enlightening. You can't just put two 256-bit ciphers together and get a 512-bit cipher. IIRC, you're not worse off (security-wise) than if you had only used one cipher, but you're probably no better off, either. It's possible to combine ciphers, but it has to be done carefully.

      ----
      send money to your kernel via the boot loader.. This and more wisdom available from Markov Hardburn.
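
An added example, not code from any poster in this thread: a Perl sketch of the point that the password, and the system for making the key from it, are the weak point. It expresses search spaces in bits and derives a 256-bit key with PBKDF2-HMAC-SHA256, a key-stretching scheme chosen here for illustration; the sample password, iteration count, salt handling and function names are assumptions.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256);   # core module, no CPAN install needed

# Size of a search space expressed in bits: log2(count).
sub bits { my ($count) = @_; return log($count) / log(2) }

# Bits of work to try every password of $length symbols drawn uniformly from
# $alphabet_size symbols (an upper bound; human-chosen passwords are weaker).
sub password_bits {
    my ($alphabet_size, $length) = @_;
    return $length * bits($alphabet_size);
}

# PBKDF2-HMAC-SHA256 (RFC 8018). Each password guess costs $iterations HMAC
# calls per output block, adding about log2($iterations) bits of work.
sub pbkdf2_sha256 {
    my ($password, $salt, $iterations, $key_len) = @_;
    my $key = '';
    for (my $block = 1; length($key) < $key_len; $block++) {
        my $u = hmac_sha256($salt . pack('N', $block), $password);
        my $t = $u;
        for (2 .. $iterations) {
            $u = hmac_sha256($u, $password);
            $t ^= $u;                      # bytewise XOR of two binary strings
        }
        $key .= $t;
    }
    return substr($key, 0, $key_len);
}

# Per-database random salt, stored in the clear next to the encrypted file.
sub random_salt {
    open(my $fh, '<:raw', '/dev/urandom') or die "no /dev/urandom: $!";
    read($fh, my $salt, 16) == 16 or die "short read from /dev/urandom";
    close($fh);
    return $salt;
}

my $password   = 'qzhvbkwe';   # constructed sample: 8 random lowercase letters
my $iterations = 100_000;      # assumed work factor
my $salt       = random_salt();
my $key        = pbkdf2_sha256($password, $salt, $iterations, 32);

printf "cipher key space          : 256.0 bits\n";
printf "10^16 guesses             : %.1f bits\n", bits(10**16);
printf "8 random lowercase letters: %.1f bits\n", password_bits(26, 8);
printf "  plus key stretching     : %.1f bits\n", password_bits(26, 8) + bits($iterations);
printf "salt %s\nkey  %s\n", unpack('H*', $salt), unpack('H*', $key);
```

The same salt and iteration count must be stored with the database so the key can be re-derived when it is opened.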
