Re: mlock(1)

From: Pavel Machek
Date: Thu Sep 30 2004 - 14:57:53 EST

Next message: David S. Miller: "Re: [PATCH 2.6] Natsemi - remove compilation warnings"
Previous message: Paul Fulghum: "Re: Serial driver hangs"
In reply to: Andrea Arcangeli: "Re: mlock(1)"
Next in thread: Bernd Eckenfels: "Re: mlock(1)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi!

> > Actually if your cipher is not resistant to known plaintext attack,
>
> AFIK the only way to make it resistent to a brute force is to make it
> slow, like adding lots of bits of salt.

No. If you want it resistent to brute force, use big key. Actually 128bit should be enough.

If user's password has at least 128 bits of entropy, you should be safe, too.

salt only helps with "lets create 1TB of all common encrypted passwords" attack.

> My point is very simple, that is if you leave a zero as part of the API,
> then you're making things less secure.

This is same as saying that starting encrypted email with
"Hi!" is bad idea. It is not. Don't worry about brute-force, it is not
practical. (Okay, you probably should not limit password length to 8 chars).

Pavel
--
64 bytes from 195.113.31.123: icmp_seq=28 ttl=51 time=448769.1 ms

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David S. Miller: "Re: [PATCH 2.6] Natsemi - remove compilation warnings"
Previous message: Paul Fulghum: "Re: Serial driver hangs"
In reply to: Andrea Arcangeli: "Re: mlock(1)"
Next in thread: Bernd Eckenfels: "Re: mlock(1)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]