On Wed, 9 Dec 2009 17:40:12 -0500, Daniel Franke wrote:
I don't think implementation difficulties are of primary concern. Both
The concern is with the added code complexity. We can't just add a
new KDF and drop the old one. We already have too many algorithms we
need to implement so that a minimal OpenPGP implementation is not
quite complex already.
Complexity is the worst enemy of a (security) software. With each
line of code we add more bugs. After all we would add a maybe better
algorithms in exchange for an increased probability of severe bugs.
Those bugs are the problems and not any password cracking machines.
Anyway, the protected password is something which gives you a bit of
time in case your key has been compromised. But in a real world
scenario it will never give you the protection of the public key
encryption. If someone can access your secret key - be it protected
not not - you are lost.
For the case of symmetric only encryption no sane deployment would use
a 12 character passphrase but a random one stored in some key
management system. If you get access to the key management system
your are again lost - no, you would not crack the passphrases but
sniff them.
Thus we better keep the current S2K in OpenPGP and adjust the
iteration count to match todays CPUs.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.