CryptKit 0.9: cryptsock

Paul Rubin phr-n2001d at nightsong.com
Mon Dec 3 22:10:35 CET 2001


Bryan <bryan at eevolved.com> writes:
> > If I was going to implement something now, I'd certainly use SRP.
> 
> Thanks for the input. What are your thoughts about EC-PAK? 
> http://citeseer.nj.nec.com/mackenzie01more.html

For something like cryptsock, these password schemes are all
vulnerable to an online dictionary attack even though they protect
against offline attacks.  The only way to stop an online attack is
with a lockout, that disables the account after N failed attempts or N
attempts in a 24 hour period or anything like that.  The lockout must
count ALL bad attempts, not just attempts from a specific IP address,
because crackers often use computer viruses to launch attacks from
large numbers of addresses spead out over long periods of time.  But
as soon as a lockout exists, it makes a denial of service attack.

Conclusion: it's best to use a high-entropy authentication key if you
don't really need a low-entropy one.  The only advantage of passwords is
that people can remember them for human-to-machine communication.  For
machine-to-machine communication (the key is stored in a configuration
file), it's not that inconvenient to use a large random key, so there's
no need to mess with fancy password protocols.




More information about the Python-list mailing list