[cryptography] Current state of brute-forcing random keys?

Paul Crowley paul at ciphergoth.org
Thu Jun 9 18:37:16 EDT 2011


On 09/06/11 20:35, Solar Designer wrote:
> Right.  We also know that it is very GPU-friendly, so if we expect
> attackers with GPUs but maybe not with custom hardware (FPGA, ASIC), we
> could want to stay away from SHA-2 family functions and use something
> like Blowfish (Eksblowfish, bcrypt) in the KDF instead.

Blowfish is less friendly to brute force than SHA-2, but there are 
functions specifically designed to be brute-force-unfriendly.  There are 
suggestions in http://www.schneier.com/paper-low-entropy.html about how 
to build a function to iterate which is unfriendly to brute forcers; see 
also Microsoft's "Penny Black" research, e.g.

http://research.microsoft.com/apps/pubs/default.aspx?id=54395
-- 
   __
\/ o\ Paul Crowley, paul at ciphergoth.org
/\__/ http://www.ciphergoth.org/


