Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S269464AbUI3Tx7 (ORCPT ); Thu, 30 Sep 2004 15:53:59 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S269462AbUI3Txz (ORCPT ); Thu, 30 Sep 2004 15:53:55 -0400 Received: from atrey.karlin.mff.cuni.cz ([195.113.31.123]:31659 "EHLO atrey.karlin.mff.cuni.cz") by vger.kernel.org with ESMTP id S269464AbUI3TxZ (ORCPT ); Thu, 30 Sep 2004 15:53:25 -0400 Date: Thu, 30 Sep 2004 21:52:28 +0200 From: Pavel Machek To: Andrea Arcangeli Cc: Pavel Machek , Nigel Cunningham , Alan Cox , Chris Wright , Jeff Garzik , Linux Kernel Mailing List , Andrew Morton Subject: Re: mlock(1) Message-ID: <20040930195228.GA1100@openzaurus.ucw.cz> References: <1096060045.10800.4.camel@localhost.localdomain> <20040924225900.GY3309@dualathlon.random> <1096069581.3591.23.camel@desktop.cunninghams> <20040925010759.GA3309@dualathlon.random> <1096114881.5937.18.camel@desktop.cunninghams> <20040925145315.GJ3309@dualathlon.random> <20040928084850.GA18819@elf.ucw.cz> <20040930174244.GL22008@dualathlon.random> <20040930185447.GC475@openzaurus.ucw.cz> <20040930191720.GB32279@dualathlon.random> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040930191720.GB32279@dualathlon.random> User-Agent: Mutt/1.3.27i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1107 Lines: 29 Hi! > > Actually if your cipher is not resistant to known plaintext attack, > > AFIK the only way to make it resistent to a brute force is to make it > slow, like adding lots of bits of salt. No. If you want it resistent to brute force, use big key. Actually 128bit should be enough. If user's password has at least 128 bits of entropy, you should be safe, too. salt only helps with "lets create 1TB of all common encrypted passwords" attack. > My point is very simple, that is if you leave a zero as part of the API, > then you're making things less secure. This is same as saying that starting encrypted email with "Hi!" is bad idea. It is not. Don't worry about brute-force, it is not practical. (Okay, you probably should not limit password length to 8 chars). Pavel -- 64 bytes from 195.113.31.123: icmp_seq=28 ttl=51 time=448769.1 ms - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/