Schneier's banter about the speed of Twofish is just an old piece of commercial advertisement which made sense 15 years ago when Twofish was involved in the AES competition (but, ultimately, Rijndael won and became "the AES"). 3DES is "slow", which means that decrypting all your stored passwords would take 500 microseconds instead of 50 with a faster algorithm - but you would not see the difference anyway.

In practice, the encryption speed is not important. If the encryption was inherently slow, then it would be very slow for you, because encryption time is proportional to the size of the data to encrypt or decrypt. On the other hand, the attacker only has to decrypt the first block or so to quickly rule out wrong passwords. In other words, if the encryption itself was slow, you would not be able to make it as slow as you would wish, and the attacker would not be much thwarted. When doing the slowness in the password hashing step, on the other hand, you can make things more equal between you and the attacker. Salts and configurable slowness, the two mantras of good password processing, are to be applied on step 1, not step 2. I have not looked at what Password Safe employs for that step, but the usual recommendations are bcrypt and PBKDF2.
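The cost asymmetry the answer describes, as an added example that is not part of the original post and not Password Safe's own code: a PBKDF2 step 1 with a configurable iteration count, a toy tunable-cost keystream standing in for the step 2 cipher (constructed for counting work, not a real cipher), a header check that decrypts only the first block, and a work model counting hash rounds per full open versus per password guess. The 16-byte `HEADER` value is a constructed placeholder for a known file header.

```python
import hashlib
import hmac

BLOCK = 16
HEADER = b"PWSAFE-CHK" + b"\x00" * 6  # constructed 16-byte known header (placeholder)


def derive_key(password: bytes, salt: bytes, iterations: int) -> bytes:
    # Step 1 (password hashing): PBKDF2-HMAC-SHA256. Every guess, legitimate
    # or not, pays exactly `iterations` rounds, so the cost is symmetric.
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


def keystream_block(key: bytes, nonce: bytes, counter: int, cost: int) -> bytes:
    # Step 2 (bulk encryption): toy CTR keystream whose per-block cost is
    # tunable (`cost` hash rounds) so the work can be modelled. Not a real cipher.
    state = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    for _ in range(cost - 1):
        state = hashlib.sha256(state).digest()
    return state[:BLOCK]


def xor_blocks(key: bytes, nonce: bytes, data: bytes, cost: int, n_blocks=None) -> bytes:
    # CTR is symmetric: the same routine encrypts and decrypts. `n_blocks`
    # lets the caller stop early; a wrong password needs only the first block.
    total = (len(data) + BLOCK - 1) // BLOCK
    limit = total if n_blocks is None else min(n_blocks, total)
    out = bytearray()
    for i in range(limit):
        ks = keystream_block(key, nonce, i, cost)
        chunk = data[i * BLOCK:(i + 1) * BLOCK]
        out += bytes(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)


def password_matches(password, salt, nonce, ciphertext, iterations, cost) -> bool:
    # Decrypts ONLY the first block and compares it with the known header.
    # This is the cheapest rejection of a wrong password, and therefore the
    # per-guess cost of step 2 regardless of how large the file is.
    key = derive_key(password, salt, iterations)
    return xor_blocks(key, nonce, ciphertext, cost, n_blocks=1) == HEADER


def hash_rounds(n_blocks: int, iterations: int, cost: int) -> dict:
    # Work model: rounds paid by the legitimate user (full decrypt) versus
    # per guess by someone who only checks the first block. Moving cost into
    # `iterations` raises both equally; moving it into `cost` punishes the user.
    return {"user": iterations + n_blocks * cost, "per_guess": iterations + cost}
```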