-
Notifications
You must be signed in to change notification settings - Fork 934
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Updating estimates for pbkdf2 streaching #199
Comments
Hi @jcalfee, Recent versions of The library includes a few example scenarios just in case it's helpful:
|
I'm adding 2048 guesses (
So it would be nice to update all the result values (score, N centuries, etc..) accordingly. I believe it is as simple as extending the estimated number of guesses (multiply by 2048).. The time per guess is something I want to avoid hard-coding outside of the library because that is something that would be updated as technology advances (and we upgrade the library with an adjusted crack time estimate algorithm). So my first though is to tell the library I'm using a longer password.. What do you think? Is it easy to adjust estimate_guesses like this: |
correction, adj: estimate_guesses *= 2048 |
Is there a way to update the estimates to account for stretching?
The offline attack vector is my concern. So, I would like to stretch the passphrase adding N bits of entropy. For example, to add 12 bits of strength I might do this:
I imagine this might work but it would add 16 bits instead of 12 bits I'm using:
Is there a cleaner way so I could provide the number of bits I'm adding? Otherwise I should probably mine for a good hex string to use.
The text was updated successfully, but these errors were encountered: