[cryptography] Current state of brute-forcing random keys?
paul at ciphergoth.org
Thu Jun 9 18:37:16 EDT 2011
On 09/06/11 20:35, Solar Designer wrote:
> Right. We also know that it is very GPU-friendly, so if we expect
> attackers with GPUs but maybe not with custom hardware (FPGA, ASIC), we
> could want to stay away from SHA-2 family functions and use something
> like Blowfish (Eksblowfish, bcrypt) in the KDF instead.
Blowfish is less friendly to brute force than SHA-2, but there are
functions specifically designed to be brute-force-unfriendly. There are
suggestions in http://www.schneier.com/paper-low-entropy.html about how
to build a function to iterate which is unfriendly to brute forcers; see
also Microsoft's "Penny Black" research eg
\/ o\ Paul Crowley, paul at ciphergoth.org
More information about the cryptography