On Sun, Apr 21, 2013 at 19:00, and...@msu.edu wrote:
> The example in vnconfig shows 20,000. I picked 30K.
> This is a 2.8G core2 duo machine, encrypting mail and
> other stuff.
>
> I haven't found sources on the net that have explained
> what low security is, up to total paranoia with regards
> # of rounds.
>
> Ideas? URLs for good places to read?

As many as don't annoy you. 100k will be about half a second on a CPU.

The problem is the bad guys aren't going to be using CPUs. A single computer with a few high end graphics cards can do somewhere in the neighborhood of 3 billion hashes in one second. 1000 rounds (the bare minimum for pbkdf2) turns that into 3 million/s. 100k turns it into 30k/s.

The work factor and time required scale linearly for both you and the attacker, the attacker just has somewhere ranging from 15000 to many more times more computing resources at his disposal. It's hard to directly equate time you spend waiting with time it will cost some unknown attacker.

Your best bet is a longer password. Nothing will save you if your password is a word from a dictionary, or some 3lit3 spelling thereof.

An interesting read: http://www.tarsnap.com/scrypt/scrypt.pdf

There is a table at the top of page 14 that compares hypothetical hardware cracking costs. If you suspect somebody with a million dollars, access to chip fabrication facilities, and a year to wait will be interested in reading your email, you should use at least 100k rounds and a ten character random password.
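
The trade-off discussed in this thread, as an added example that is not part of the original messages: it calibrates a PBKDF2 round count to a delay on the local CPU, then compares how round count and password length each change search time at the 3 billion hashes/s rate quoted above. Assumptions: HMAC-SHA1 as the PBKDF2 hash, a 62-symbol alphabet for the random password, and the reply's model that one round costs the attacker one hash.

```python
import hashlib
import os
import time

GPU_HASHES_PER_SEC = 3e9  # attacker rate quoted in the reply above


def calibrate_rounds(target_seconds=0.5, probe_rounds=20_000):
    """Time a PBKDF2 probe on this CPU and scale linearly to the target delay."""
    salt = os.urandom(16)  # constructed sample salt
    start = time.perf_counter()
    # HMAC-SHA1 is an assumption; substitute the hash your tool actually uses.
    hashlib.pbkdf2_hmac("sha1", b"constructed sample passphrase", salt, probe_rounds)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return max(1000, int(probe_rounds * target_seconds / elapsed))


def attacker_guesses_per_sec(rounds, hashes_per_sec=GPU_HASHES_PER_SEC):
    """Each guess costs `rounds` hashes, so attacker throughput divides by rounds."""
    return hashes_per_sec / rounds


def average_crack_seconds(alphabet, length, rounds, hashes_per_sec=GPU_HASHES_PER_SEC):
    """Expected search time for a uniformly random password: half the keyspace."""
    return (alphabet ** length) / 2 / attacker_guesses_per_sec(rounds, hashes_per_sec)


def report(alphabet=62, lengths=(8, 10, 12), rounds_list=(1000, 20_000, 30_000, 100_000)):
    """Return (rounds, length, years) rows; alphabet=62 is an assumed a-zA-Z0-9 set."""
    year = 365 * 24 * 3600
    rows = []
    for rounds in rounds_list:
        for length in lengths:
            years = average_crack_seconds(alphabet, length, rounds) / year
            rows.append((rounds, length, years))
    return rows


if __name__ == "__main__":
    print("rounds for ~0.5 s on this CPU:", calibrate_rounds())
    for rounds, length, years in report():
        print(f"{rounds:>7} rounds, {length:>2} random chars: {years:.3g} years")
```

Going from 1000 to 100k rounds multiplies the search time by 100, while two extra random characters from a 62-symbol alphabet multiply it by 3844.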