undefined | Better HN

0 pointsmarcusfrex9y ago0 comments

It's probably because different understanding of same terms. With "complexity" word we mean hardness to generate. It doesnt adds up more algorithms but character sets and hashing algorithms for PBKDF2 respectively.

0 comments

3 comments · 1 top-level

tptacek9y ago· 2 in thread

Why, exactly, would a user ever want to generate a password with a weaker KDF?

A password with lower levels of string complexity might make sense --- 1Password's strong passwords can sometimes be rejected by crappy websites. A password that sacrifices cryptographic strength in order to save a few tens of milliseconds of KDF, though, makes no sense at all.

Also: really, you should not be using PBKDF2.

Scaevolus9y ago

I want a password manager with Argon2 configured to take 10 seconds and 1GB of RAM, playing a gratuitous 3D animation of a vault slowly opening alongside CPU and bandwidth utilization graphs.

Or if your attack model allows that reading protected files off a user's device is less likely than the cloud-synced database being compromised, you might derive the master encryption key as KDF_fast(KDF_slow(password)+password)), where KDF_slow takes 5 minutes and is stored on disk, but KDF_cheap takes 5 seconds.

aparadja9y ago

Honest question: what's wrong with PBKDF2?

1 more reply

j / k navigate · click thread line to collapse