On November 13, 2003 15:27, Jason Keirstead wrote:
> On November 13, 2003 2:10 pm, George Staikos wrote:
> > Quoting Jason Keirstead <jason@keirstead.org>:
> >    Sorry, when did you last brute-force a relatively large chunk of data
> > encrypted 16 rounds blowfish with a key generated with 1000 rounds of
> > SHA-1?  I would like to see this hardware.
>
> Just cause I don't have the hardware doesn't mean my attacker doesn't.
> He may have some 1000 machine G5 cluster crunching away at it for a few
> months, I don't know.

   He may need much, much more than that if he wants to finish it before 
generations of his descendants die.  Did you ever follow distributed.net?

> Besides, hardware is cheap. The point is that KWallet is subject to
> brute-force type attacks that a properly set up box's login is not.

  You think that kwallet is easier to brute force than /etc/shadow and the 8 
character unix passwords?

-- 
George Staikos
KDE Developer			http://www.kde.org/
Staikos Computing Services Inc.	http://www.staikos.net/
 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<