[prev in list] [next in list] [prev in thread] [next in thread]
List: gnupg-users
Subject: Re: Talking about Cryptodevices... which one?
From: NIIBE Yutaka <gniibe () fsij ! org>
Date: 2015-01-30 0:26:13
Message-ID: 54CACFA5.80605 () fsij ! org
[Download RAW message or body]
On 2015-01-30 10:46 +0900, NIIBE Yutaka wrote:
> specification (and with SHA256). It's default s2kcount is 192 as the
> MCU is slow enough, but you can configure it at compile time (like
> 65535 for host PC, or more).
On 01/30/2015 04:39 AM, NdK wrote:
> Uh, I think this exposes a weakness: if the attacker "somehow" accesses
> the EEPROM and reads encrypted key material, a low s2k count means he
> can recover plain key material quite faster than with more iterations.
You know (unconsciously, perhaps) and wrote "EEPROM", while it's Flash
ROM for Gnuk on FST-01.
192 is low. That's somehow intentional artifact by me, so that people
can catch it to consider. In our culture, it's not deliberately mean,
but a kind of communication tool.
Should we have configure time option for that, so that a person won't
need to edit manually? Let's discuss on the gnuk-users mailing list.
For the data on some EEPROM, weaker key derivation function is on
active service, or even there is no key derivation function, I
believe.
--
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic