[cryptography] Current state of brute-forcing random keys?

Paul Crowley paul at ciphergoth.org
Thu Jun 9 18:37:16 EDT 2011

On 09/06/11 20:35, Solar Designer wrote:
> Right.  We also know that it is very GPU-friendly, so if we expect
> attackers with GPUs but maybe not with custom hardware (FPGA, ASIC), we
> could want to stay away from SHA-2 family functions and use something
> like Blowfish (Eksblowfish, bcrypt) in the KDF instead.

Blowfish is less friendly to brute force than SHA-2, but there are 
functions specifically designed to be brute-force-unfriendly.  There are 
suggestions in http://www.schneier.com/paper-low-entropy.html about how 
to build a function to iterate which is unfriendly to brute forcers; see 
also Microsoft's "Penny Black" research eg

\/ o\ Paul Crowley, paul at ciphergoth.org
/\__/ http://www.ciphergoth.org/
