Re: eCryptfs Design Document

From: Phillip Susi
Date: Sun Mar 26 2006 - 21:52:22 EST

Next message: Joel Becker: "Re: [2.6 patch] CONFIGFS_FS must depend on SYSFS"
Previous message: Stephen Rothwell: "Re: [PATCH 1/2] create struct compat_timex and use it everywhere"
In reply to: Phillip Hellewell: "Re: eCryptfs Design Document"
Next in thread: Michael Thompson: "Re: eCryptfs Design Document"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Phillip Hellewell wrote:

Again I concur with Mike. Iterative hashing is a very common technique,
and is very effective against this type of dictionary attack. If you
hash 1000 times, then an attack that normally could check 1 million
passwords per second would now only be able to check 1000 passwords per
second.

Without iterative hashing, as computers get faster, so would dictionary
attacks, and then people would have to keep using longer and longer
passwords to be as effective. Iterative hashing "levels the playing
field" in a way.

Except that I believe you can write code to compute the nth hash in O(1) time rather than O(n) time, so that kind of defeats the purpose, though I'm no expert so I could be wrong.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Joel Becker: "Re: [2.6 patch] CONFIGFS_FS must depend on SYSFS"
Previous message: Stephen Rothwell: "Re: [PATCH 1/2] create struct compat_timex and use it everywhere"
In reply to: Phillip Hellewell: "Re: eCryptfs Design Document"
Next in thread: Michael Thompson: "Re: eCryptfs Design Document"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]