On Wed, Jan 14, 2015 at 11:02 PM, Mike Hearn <[email protected]> wrote:
> My big question (sorry Nadim, if this has been addressed before as part of
> the MiniLock discussions) is what stops passphrases being brute forced. It
> seems from the spec that the passphrase == private key and public key is
> then derived from that, in the usual ECC manner.

In miniLock, if you try a passphrase that fails a strength check [1] it
suggests one for you (7 words from a ~16 bit list = ~112 bits entropy).

It looks like Peerio performs the same strength check, but on failure asks
you to choose again, instead of suggesting one.

It'd be interesting to know the rationale - did users dislike the
generated phrases?

---

It looks like miniLock hashes the password with scrypt, N=2^17 and r=8.
Peerio's parameters are a bit smaller, but I think standard (N=2^14, r=8).

Resisting offline passphrase-cracking with a strong passphrase and good
hashing is obviously important here, since cracking can be attempted by
anyone who sees your public key (not just the server).

More and more systems are using scrypt for password hashing. Does anyone
know the state-of-the-art in scrypt cracking?

Trevor

[1] https://github.com/dropbox/zxcvbn

_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
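
The two scrypt settings and the 112-bit passphrase estimate from the message above, as an added example that is not part of the original post or of either project's code: it computes the memory each guess needs, times one derivation per setting, and converts that into the cost of searching the passphrase space. The value p=1, the 32-byte output, the salt and the sample passphrase are assumptions made for the example.

```python
import hashlib
import time

# scrypt settings quoted in the message; p=1 and the 32-byte output are assumptions.
PARAMS = {
    "miniLock": {"n": 2**17, "r": 8, "p": 1},
    "Peerio": {"n": 2**14, "r": 8, "p": 1},
}
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def scrypt_memory_bytes(n, r):
    """Size of scrypt's main scratch array V: 128 * r * N bytes per evaluation."""
    return 128 * r * n


def passphrase_bits(words, bits_per_word):
    """Entropy of a passphrase of uniformly and independently chosen words."""
    return words * bits_per_word


def derive(passphrase, salt, n, r, p):
    """One scrypt evaluation, i.e. the work an offline guesser pays per candidate."""
    maxmem = scrypt_memory_bytes(n, r) + 2**20  # headroom for the smaller buffers
    return hashlib.scrypt(passphrase, salt=salt, n=n, r=r, p=p,
                          maxmem=maxmem, dklen=32)


def expected_years(bits, guesses_per_second):
    """Years to search half of a 2**bits space at a fixed guess rate."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    bits = passphrase_bits(7, 16)  # 7 words from a ~16-bit list, as in the message
    salt = b"user@example.org"     # constructed salt value
    for name, cfg in PARAMS.items():
        start = time.perf_counter()
        derive(b"constructed sample passphrase", salt, **cfg)
        secs = time.perf_counter() - start
        mib = scrypt_memory_bytes(cfg["n"], cfg["r"]) // 2**20
        print(f"{name}: {mib} MiB and {secs:.3f} s per guess on this machine; "
              f"{expected_years(bits, 1 / secs):.2e} core-years for {bits} bits")
```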
