[botan-devel] crypto question

Timothy Prepscius timprepscius at gmail.com
Fri May 18 14:56:53 EDT 2012


Thanks!

I really appreciate this.

-tim

On May 18, 2012, at 2:04 PM, Jack Lloyd wrote:

> On Sun, May 13, 2012 at 09:25:51AM -0400, Timothy Prepscius wrote:
> 
>> I want an encryption method, which, best case scenario:
>> 
>> 1.  Takes significant computation time to break.  Meaning, I would like the WhiteShirts to need to spend at least 6 hours, and then the InvisoShirts maybe an hour?  I would be fine with 30 minutes - who knows what sort of computational extravagances the InvisoShirts have.
>> 
>> 2.  Uses a human readable key, "mypassword1234"
>> 
>> 3.  Uses a relatively small amount of computation to decrypt when provided the key.  (not more than 5 seconds on a modern computer)
> 
> PKCS8::BER_encode and PKCS8::PEM_encode (in pkcs8.h) will convert a
> Private_Key& to a binary blob (or std::string encoding of said blob,
> for PEM_encode) in a standard format. The 4-argument versions encrypt
> using the password specified in the 3rd arg and the encryption
> algorithm specified in the 4th (or if not set, AES-256).
> 
> Currently the PBKDF2 iteration count used with PKCS8 encoding is only 10000
> (and there is no way to increase this with the current API). A rough
> back of the envelope is that with this iteration count someone with a
> few tens of million USD for custom hardware could break a short
> password in less than an hour. A long (>10 character) password would
> be safe for a fairly extended time.
> 
> -Jack
> _______________________________________________
> botan-devel mailing list
> botan-devel at randombit.net
> http://lists.randombit.net/mailman/listinfo/botan-devel
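
Added example (not part of the original thread and not Botan code): a Python illustration of how the PBKDF2 iteration count and password length discussed above translate into brute-force time, and how to pick an iteration count for a given decrypt-time budget. The hash (SHA-256), the attacker rate of 1e12 iterations per second and the sample alphabets are assumptions constructed for illustration.

```python
import hashlib
import os
import time

PAGE_ITERATIONS = 10_000  # PBKDF2 iteration count quoted in the thread


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 -> 32-byte key (the hash choice is an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)


def calibrate_iterations(target_seconds: float, probe: int = 50_000) -> int:
    """Iteration count that costs roughly target_seconds on this machine."""
    salt = os.urandom(16)
    start = time.perf_counter()
    derive_key("calibration", salt, probe)
    elapsed = time.perf_counter() - start
    return max(1, int(probe * target_seconds / elapsed))


def seconds_to_exhaust(alphabet: int, length: int, iterations: int,
                       attacker_prf_per_sec: float) -> float:
    """Worst-case time to try every password of exactly `length` symbols."""
    keyspace = alphabet ** length
    return keyspace * iterations / attacker_prf_per_sec


if __name__ == "__main__":
    rate = 1e12  # constructed attacker speed in PBKDF2 iterations/s, not a measurement
    for label, alphabet, length in [("8 lowercase", 26, 8),
                                    ("11 lowercase+digits", 36, 11)]:
        secs = seconds_to_exhaust(alphabet, length, PAGE_ITERATIONS, rate)
        print(f"{label:>20}: {secs / 3600:.3g} hours at {PAGE_ITERATIONS} iterations")
    tuned = calibrate_iterations(1.0)  # defender's budget: about 1 s per decrypt
    print(f"iterations for ~1 s per derivation here: {tuned}")
    print(f"attacker cost multiplier vs {PAGE_ITERATIONS}: {tuned / PAGE_ITERATIONS:.1f}x")
```

Attacker cost grows linearly with the iteration count but exponentially with password length, which is why the longer password dominates the result.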



