Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S266669AbUJDMVb (ORCPT ); Mon, 4 Oct 2004 08:21:31 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S267356AbUJDMVb (ORCPT ); Mon, 4 Oct 2004 08:21:31 -0400 Received: from centaur.acm.jhu.edu ([128.220.223.65]:33206 "EHLO centaur.acm.jhu.edu") by vger.kernel.org with ESMTP id S267504AbUJDMVU (ORCPT ); Mon, 4 Oct 2004 08:21:20 -0400 Date: Mon, 4 Oct 2004 08:21:20 -0400 From: Jack Lloyd To: Linux Kernel Mailing List Subject: Re: mlock(1) Message-ID: <20041004122120.GG664@acm.jhu.edu> Mail-Followup-To: Linux Kernel Mailing List References: <41547C16.4070301@pobox.com> <20040924132247.W1973@build.pdx.osdl.net> <1096060045.10800.4.camel@localhost.localdomain> <20040924225900.GY3309@dualathlon.random> <1096069581.3591.23.camel@desktop.cunninghams> <20040925010759.GA3309@dualathlon.random> <1096114881.5937.18.camel@desktop.cunninghams> <20040925145315.GJ3309@dualathlon.random> <20040928084850.GA18819@elf.ucw.cz> <20040930174244.GL22008@dualathlon.random> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040930174244.GL22008@dualathlon.random> X-GPG-Key-ID: 4DCDF398 X-GPG-Key-Fingerprint: 2DD2 95F9 C7E3 A15E AF29 80E1 D6A9 A5B9 4DCD F398 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1313 Lines: 26 On Thu, Sep 30, 2004 at 07:42:44PM +0200, Andrea Arcangeli wrote: > > > > Actually, better solution probably is to encrypt 32-bit zero. > > > > Then, you have 1:2^32 probability of accepting wrong password, still > > if you try to brute-force it, you'll find many possible passwords. > > this is just the first step an attacker needs to rule out all the > impossible passwords and extend the crack to the other known bits. I > don't think it's secure. My suggestion OTOH sounds completely secure > (though much harder to implement). PGP actually uses a similiar techinique (80 bits of randomness, with bytes 9+10 being repeats of 7+8) to check for bad decrypts. With 16 bits of checksum, the attacker only is able to eliminate about (2^16-1)/2^16 of the keys, which seems like a lot, but only reduces the keylength by 16 bits. If you're using reasonably sized keys (>=128 bits) that's not a problem because the remaining keyspace is still much larger than the set of likely passphrases (even quite good passphrases rarely get over 80 or 90 bits of entropy). -Jack - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/