Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updating estimates for pbkdf2 streaching #199

Open
jcalfee opened this issue May 4, 2017 · 3 comments
Open

Updating estimates for pbkdf2 streaching #199

jcalfee opened this issue May 4, 2017 · 3 comments

Comments

@jcalfee
Copy link

jcalfee commented May 4, 2017

Is there a way to update the estimates to account for stretching?

The offline attack vector is my concern. So, I would like to stretch the passphrase adding N bits of entropy. For example, to add 12 bits of strength I might do this:

const secret = pbkdf2.pbkdf2Sync(passphrase, '', 4096, 64, 'sha512')

I imagine this might work but it would add 16 bits instead of 12 bits I'm using:

const entropy = new Buffer('037d', 'hex').toString('binary') // 2 char string
const report = zxcvbn(passphrase + entropy)

Is there a cleaner way so I could provide the number of bits I'm adding? Otherwise I should probably mine for a good hex string to use.
@lowe
Copy link
Collaborator

lowe commented May 5, 2017

Hi @jcalfee,

Recent versions of zxcvbn return an estimate in guesses (vs entropy). If you want to convert that to a "time to crack" type estimate, to account for stretching, I would simply choose a higher time-per-guess ratio based on the specifics of your hashing scheme.

The library includes a few example scenarios just in case it's helpful:

const result = zxcvbn('helloworld');
console.log(result.crack_times_seconds);
console.log(result.crack_times_display);

@jcalfee
Copy link
Author

jcalfee commented May 9, 2017
edited
Loading

I'm adding 2048 guesses (Math.pow(2, 11) === 2048). Implementations need to provide a checksum (probably a sha256) or it does not know if the decryption worked or not. So, all of the following should be about the same:

  • re-hash the password
  • check the password to see if it can decrypt
  • move to the next password and check it

So it would be nice to update all the result values (score, N centuries, etc..) accordingly. I believe it is as simple as extending the estimated number of guesses (multiply by 2048)..

The time per guess is something I want to avoid hard-coding outside of the library because that is something that would be updated as technology advances (and we upgrade the library with an adjusted crack time estimate algorithm).

So my first though is to tell the library I'm using a longer password..

What do you think? Is it easy to adjust estimate_guesses like this: estimate_guesses *= 2048?

@jcalfee
Copy link
Author

jcalfee commented May 9, 2017
edited
Loading

correction, adj: estimate_guesses *= 2048

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jcalfee @lowe