[cryptography] Mixing multiple password hashing: Crypto Blasphemy or Useful approach?

grarpamp grarpamp at gmail.com
Sun Mar 15 20:58:00 EDT 2015


Is this not the old chained crypto argument? It comes down to whether
or not you believe there is, or will be, an attack known or unknown upon
any singular or combined crypto choice. If you do believe, which
is reasonable given prior crypto has been broken and that all
knowledge is never public, then compose your own function of different
crypto designs (ex: TrueCrypt chained three). If not, go with
whatever single crypto looks good and serves the design of your
application. It's just a function... with combined odds against
breaks, and it's good to design against known expenses of the
adversary like time and memory. Just don't break it while implementing
it.

No usable KDF will help if "12345" is the passphrase. And 40 random
printable ASCII chars are stronger than any 256 bit KDF.

Seems to me it's not better KDF that's needed, but better memory.
http://en.wikipedia.org/wiki/Simon_(game)
http://www.recordholders.org/en/list/memory.html

Or just write it down on the other side of the airgap.

If that's not doable, then you resort to the KDF bits game for
expected weak inputs. The tradeoff there is usability. Nobody is
going to wait five minutes for their idiot passphrase of "12345"
to go through some elite, but ultimately useless in that case, KDF.
Password checkers can enforce some minimum bits there.

Regardless, you still have the law, the rubber hose, and your own
backup plan to contend with. Good luck.
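The two points above, that a composed KDF is "just a function" of different designs, and that the passphrase's own entropy (not the KDF) bounds what an attacker must search, can be illustrated with a small script. This is an added example for this archive page, not code from the poster or the list; the chain order (PBKDF2-HMAC-SHA256 feeding scrypt), the work factors and the character-class entropy estimator are assumptions chosen for illustration, using only the Python standard library.

```python
import hashlib
import math
import string

# Character classes used by the naive "bits of entropy" estimator that
# password checkers commonly apply to enforce a minimum (assumed sizes:
# 26 lower, 26 upper, 10 digits, 33 other printable ASCII = 95 total).
_CLASSES = (
    (set(string.ascii_lowercase), 26),
    (set(string.ascii_uppercase), 26),
    (set(string.digits), 10),
    (set(string.punctuation + " "), 33),
)


def estimate_bits(password: str) -> float:
    """Upper-bound entropy estimate: length * log2(size of the pools the
    password draws from). Treats every character as random, so this is an
    optimistic figure; "12345" still only scores about 16.6 bits."""
    pool = 0
    for chars, size in _CLASSES:
        if any(c in chars for c in password):
            pool += size
    if pool == 0:
        return 0.0
    return len(password) * math.log2(pool)


def meets_minimum(password: str, min_bits: float = 64.0) -> bool:
    """The kind of check a password policy enforces before the KDF runs."""
    return estimate_bits(password) >= min_bits


def chained_kdf(password: bytes, salt: bytes, dklen: int = 32) -> bytes:
    """Serial composition of two different KDF designs (assumed layout):
    PBKDF2-HMAC-SHA256 (time-hard) -> scrypt (memory-hard).
    An attacker must pay both costs per guess, and a weakness that affects
    only one stage does not hand over the final key on its own."""
    stage1 = hashlib.pbkdf2_hmac("sha256", password, salt, 100_000, dklen)
    # scrypt params chosen so the example runs quickly (~16 MiB memory).
    return hashlib.scrypt(stage1, salt=salt, n=2**14, r=8, p=1, dklen=dklen)


def effective_bits(password: str, kdf_output_bits: int = 256) -> float:
    """What the attacker actually has to search: the smaller of the
    passphrase entropy and the KDF output size. A 40-char random printable
    ASCII string (~263 bits) is bounded by the 256-bit output; "12345" is not
    helped by the KDF at all."""
    return min(estimate_bits(password), kdf_output_bits)


if __name__ == "__main__":
    # Constructed sample inputs.
    weak = "12345"
    strong = "x7#Qp!2mL9@vB$zT4&nR*8hW^kY6(cE3)jU5_aD0"  # 40 printable chars
    salt = b"\x00" * 16  # constructed fixed salt for demonstration only
    for pw in (weak, strong):
        print(f"{pw!r}: est {estimate_bits(pw):.1f} bits, "
              f"effective {effective_bits(pw):.1f} bits, "
              f"policy ok={meets_minimum(pw)}")
    print("chained key:", chained_kdf(weak.encode(), salt).hex())
```

The estimator is deliberately the optimistic one policies use: it scores a passphrase by the pools it draws from, so it will never understate the trouble a dictionary word is in, but it also shows why the KDF's output size, not its design, is the ceiling on the work an attacker faces once the passphrase is genuinely random.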
