From: Phillip Susi <psusi@cfl.rr.com>
To: Michael Halcrow <lkml@halcrow.us>
Cc: Michael Halcrow <mhalcrow@us.ibm.com>,
akpm@osdl.org, phillip@hellewell.homeip.net,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
viro@ftp.linux.org.uk, mcthomps@us.ibm.com, yoder1@us.ibm.com,
toml@us.ibm.com, emilyr@us.ibm.com, daw@cs.ber
Subject: Re: eCryptfs Design Document
Date: Sun, 26 Mar 2006 12:10:29 -0500 [thread overview]
Message-ID: <4426CB05.2070604@cfl.rr.com> (raw)
In-Reply-To: <20060325195015.GA8174@halcrow.us>
Michael Halcrow wrote:
> The mount-wide passphrase in the user session keyring is actually not
> necessary to keep around after the mount process is finished in this
> release, and we will likely alter the design and implementation for
> the 0.1 release to just remove it once the file key encryption key is
> associated with the eCryptfs superblock object on mount.
>
I see, so for now you import the key from the keyring into the
superblock at mount time, but in the future you will directly use the
key from the keyring as needed?
> In future releases, we will be storing multiple passphrase and public
> key authentication tokens in the user's eCryptfs keyring, and so the
> use of the kernel keyring will make a lot more sense. We are trying to
> make things as simple as possible for the 0.1 release so as to limit
> the complexity involved in analysis and debugging.
>
>> Are you saying that you salt the passphrase, hash that, then hash
>> the hash, then hash that hash, and so on? What good does repeatedly
>> hashing the hash do? Simply hashing the salted passphrase should be
>> sufficient to obtain a key.
>
> This approach is only used to help make dictionary attacks against the
> passphrase a bit harder.
>
Isn't that what adding the salt is for? You add 16 bits of salt so that
a pre hashed dictionary would require 65,536 different hashes per
passphrase permutation. That places more computation burden on
generating such a dictionary, but more importantly it places a large
storage burden on the dictionary.
Recursively hashing only places greater computation on the creation of
the dictionary, which is of no consequence as the dictionary only has to
be created once. If you want to fight dictionary attacks, you should
add a longer salt rather than recursively hash. Taking the salt from 16
bits to 32 bits also requires the attacker to compute 65,536 times more
hashes per passphrase permutation at dictionary creation time, but ALSO
requires that they store 65,536 times more hashed values in the dictionary.
Another thought that crossed my mind is that it is likely possible to
factor the recursive hash function and simplify it such that it can be
computed almost as quickly as the single hash rather than taking 65,536
times longer.
next prev parent reply other threads:[~2006-03-26 17:10 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-03-24 22:25 eCryptfs Design Document Michael Halcrow
2006-03-24 23:12 ` James Morris
2006-03-27 16:17 ` Michael Thompson
2006-03-27 16:52 ` Michael Halcrow
2006-03-24 23:49 ` Andrew Morton
2006-03-25 0:13 ` Michael Halcrow
2006-03-25 0:33 ` Andrew Morton
2006-03-25 7:38 ` Miklos Szeredi
2006-03-27 23:31 ` Michael Halcrow
2006-03-28 16:00 ` Stephen C. Tweedie
2006-03-29 20:14 ` Michael Halcrow
2006-03-25 19:28 ` Phillip Susi
2006-03-25 19:50 ` Michael Halcrow
2006-03-26 17:10 ` Phillip Susi [this message]
2006-03-26 18:04 ` Michael Halcrow
2006-03-27 0:05 ` Phillip Hellewell
2006-03-27 2:53 ` Phillip Susi
2006-03-27 16:10 ` Michael Thompson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4426CB05.2070604@cfl.rr.com \
--to=psusi@cfl.rr.com \
--cc=akpm@osdl.org \
--cc=daw@cs.ber \
--cc=emilyr@us.ibm.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lkml@halcrow.us \
--cc=mcthomps@us.ibm.com \
--cc=mhalcrow@us.ibm.com \
--cc=phillip@hellewell.homeip.net \
--cc=toml@us.ibm.com \
--cc=viro@ftp.linux.org.uk \
--cc=yoder1@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).