On Jul 17, 2009, at 8:39 PM, Peter Gutmann wrote:
>PGP Desktop 9 uses as its default an iteration count of four
>million (!!) for its password hashing, which looks like a DoS to
>anything that does sanity-checking of input.
That's precisely what it is -- a denial of service to password cracker
On Sunday, 2009-07-19, at 13:24, Paul Hoffman wrote:
>At 7:54 AM -0600 7/18/09, Zooko Wilcox-O'Hearn wrote:
>>This involves deciding whether a 192-bit elliptic curve public key
>>is strong enough...
>Why not just go with 256-bit EC (128-bit symmetric strength)? Is
>the 8 bytes per signature the i
At 7:54 AM -0600 7/18/09, Zooko Wilcox-O'Hearn wrote:
>This involves deciding whether a 192-bit elliptic curve public key is strong
>enough...
Why not just go with 256-bit EC (128-bit symmetric strength)? Is the 8 bytes
per signature the issue, or the extra compute time?
--Paul Hoffman, Directo