On 9/8/06, Sebastian Rother <[EMAIL PROTECTED]> wrote:
I've problems to understand the sense of the -K option which was
implemented into vnconfig of OpenBSD 4.0.

Do I understand it correctly if I assume the following:

- I can now specify the rounds used by Blowfish

no, it's the number of rounds of PKCS #5 PBKDF2.

  - Which are (should) limited up to 16 rounds

there is no upper limit. lower limit is 1000.

- I have to specify a SALT file
  - Which gets handled like a certificate to authenticate myself in
   combination with the password (??)
   - So it's a 2 factor authentication?
     Or is the SALT from the file really used for the blowfish initialisation?

the salt is combined with your password to make the blowfish key.

man vnconfig tells me that svnds (I'm using one svnd currently) get
encrypted but it does not tell me how many rounds were used for
blowfish or how strong the encryption is (somebody told me Blowfish
128Bit). The amount of rounds used can be a key factor if it deals with
pot. decryption by others (PUT_YOUR_FAVORITE_SERVICE_HERE).

blowfish always uses 16 rounds.  blowfish not using 16 rounds is not
blowfish.  for -K, maximum keylength of 448 bits is used.  for -k,
depends on how much key you specify.

The manpage should tell the user how many rounds are used for svnds and
probably how to create the SALT file.

the salt file is created the first time you use -K.  how many rounds
you want depends on how fast your adversaries' computers are.

Is my assumption correct that the normal svnds do use Blowfish with
128Bit (to specify more Bits would be cool.. like 256, Blowfish allows
up to 448Bits) and a limited amount of rounds (not 16)?

no.  rounds = 16.  key = 448.

I ask because the passwords in OpenBSD do not get encrypted with 16
rounds by default (so I don't know how many rounds were used for
svnds but I would bet not 16 rounds) which means:

no, the passwords are not encrypted.  that is entirely different.  and
the default is 64.
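
The key derivation described in this thread, as an added example that is not part of the original message and not vnconfig's own code: a salt file created on first use, a passphrase, and a PBKDF2 round count of at least 1000 produce a 448-bit Blowfish key. The HMAC-SHA1 PRF, the 128-byte salt size, and the function and file names are assumptions.

```python
import hashlib
import os
import tempfile
import time

MIN_ROUNDS = 1000      # lower limit stated in the thread
KEY_BYTES = 448 // 8   # 448-bit Blowfish key, as stated in the thread
SALT_BYTES = 128       # assumption: the thread does not give the salt size


def load_or_create_salt(path):
    """Return the salt stored at path, creating a random one on first use."""
    try:
        # O_EXCL: create atomically and never overwrite an existing salt.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        with open(path, "rb") as f:
            salt = f.read()
        if not salt:
            raise ValueError("salt file is empty")
        return salt
    salt = os.urandom(SALT_BYTES)
    with os.fdopen(fd, "wb") as f:
        f.write(salt)
    return salt


def derive_key(passphrase, salt, rounds):
    """Combine passphrase and salt with PBKDF2 (HMAC-SHA1 assumed as PRF)."""
    if rounds < MIN_ROUNDS:
        raise ValueError(f"rounds must be at least {MIN_ROUNDS}")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), salt,
                               rounds, dklen=KEY_BYTES)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        salt = load_or_create_salt(os.path.join(tmp, "image.salt"))
        for rounds in (1000, 10000, 100000):
            start = time.perf_counter()
            key = derive_key("constructed passphrase", salt, rounds)
            elapsed = time.perf_counter() - start
            # Cost per guess grows linearly with the round count.
            print(f"{rounds:>7} rounds: {len(key) * 8}-bit key, {elapsed:.4f}s")
```

The salt file has to be kept with the image: the same passphrase with a different salt or round count yields a different key.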
