<p>I am sorry if the reply didn't go in-thread (that also means that there is little chance that this one will be in-thread, as I am using the same email software on my phone to write it. I need to get off my lazy ass and write an email client for Android that works the way it ought to, with proper support for encryption, digital signatures, threading... and mod the system to support a LUKS encrypted SD card, and... nevermind).</p>
<p>I was indeed referring to you (MWH), and I was replying to the message asking about your thoughts on login delays. I hope that provides sufficient context.</p>
<p>Also I was mentioning a system that employs encryption (of course I didn't write the encryption code in it; I am nowhere near qualified enough for that, nor am I qualified to review or audit the source code of the encryption used, so it is a black box to me) which I am writing for the purpose of creating a "perfect backup" (lossless w/ acl/xattrs, compressed, random-access at the file level, encrypted, able to span multiple media and retain all of these properties). But I do know that passwords require transformation before they can be used as keys, and I know that KDFs do a large part of that, in concert with salting and hashing, and that the number of iterations has a natural impact on delay.</p>
<p>--<br>
Sent from my G2 running CyanogenMod!<br>
That is, a phone. :)</p>
<div class="gmail_quote">On Dec 23, 2010 11:58 PM, "Michael H. Warfield" <<a href="mailto:mhw@wittsend.com" target="_blank">mhw@wittsend.com</a>> wrote:<br type="attribution">> Michael,<br>> <br>> No offense but I'm totally at a loss to see who or what you were<br>
> responding to with this. Can you reply in-thread with some quoting? I<br>> see what you're saying and not understanding your point. I'm presuming<br>> that the "Not sure what is reply is going to be" may be referring to me.<br>
> My access is a little erratic right now during the holiday season so<br>> you'll have to forgive me a bit.<br>> <br>> Regards,<br>> Mike<br>> <br>> On Thu, 2010-12-23 at 18:48 -0500, Michael Trausch wrote:<br>
>> Not sure what his reply is going to be, but I can say that if there is a<br>>> delay, it should be inherent to the method of key generation. For example,<br>>> if using a strong password as input to a KDF that runs a million rounds,<br>
>> there will be a noticable delay to the key generation. Sadly, there is no<br>>> way to pick a universally applicable number of rounds, though; very old<br>>> systems won't be able to reasonably generate keys if there are more than<br>
>> several tens of thousands of iterations, while very new systems may not<br>>> delay at all.<br>>> <br>>> I have one system-in-progress that is setup to generate keys with 10,000,000<br>>> rounds, making the delay on my system around three seconds to generate the<br>
>> key. In the target environment it takes ~10 seconds. The only purpose is<br>>> to reduce the feasibility of brute forcing by increasing the time it takes<br>>> to generate a key.<br>>> <br>>> It seems that 1,000 to 10,000 iterations is the common value, but on my<br>
>> systems this provides nearly no delay whatsoever. Certainly not one which<br>>> is perceptable to me. Given a 3 second delay to generate a key that would<br>>> mean that it my system can only brute 120 keys per minute, if those keys all<br>
>> pass through the algorithm. It also means that invalid passwords will take<br>>> some time, even locally, to find that they are invalid, which is the point<br>>> with something like this where there may not be a client/server interaction.<br>
>> <br>>> --<br>>> Sent from my G2 running CyanogenMod!<br>>> That is, a phone. :)<br>>> On Dec 23, 2010 6:34 PM, "Matty" <<a href="mailto:matty91@gmail.com" target="_blank">matty91@gmail.com</a>> wrote:<br>
>> <br>>> _______________________________________________<br>>> Ale mailing list<br>>> <a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>>> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
>> See JOBS, ANNOUNCE and SCHOOLS lists at<br>>> <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>> <br>> -- <br>> Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw@WittsEnd.com<br>
> /\/\|=mhw=|\/\/ | (678) 463-0932 | <a href="http://www.wittsend.com/mhw/" target="_blank">http://www.wittsend.com/mhw/</a><br>> NIC whois: MHW9 | An optimist believes we live in the best of all<br>
> PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!<br>
</div>