[Gnuk-users] gnuk-users Digest, Vol 107, Issue 3

[Peter Lebbing]

On 11/01/18 19:38, Mike Tsao wrote:
> They are inexpensive and they replace a
> strong stretched passphrase with a short unstretched PIN that's easy to
> memorize and enter.

Well, if you're not worried about brute-force attacks on extracted
encrypted keys, sure, you can use a short unstretched PIN. I was however
assuming you are using a proper good passphrase for your GnuK. I haven't
looked at the key derivation function of GnuK, but I know that this area
is under construction to be improved by letting the host PC do (part
of?) the KDF. So even if right now the KDF isn't as good as you want,
this is already being worked on.

With a good KDF, there is no problem with brute-forcing, known plaintext
or no.

>   * Valuable asset...
>   * That is encrypted by a brute-forceable PIN...

As you say, this is unsolvable, might as well not encrypt it at all. It
is not the assumed usage of GnuK, it is assumed you use a good
passphrase rather than a PIN if you're worried about data extraction.
Luckily, nobody is forcing you to use a PIN :-).

With a 6-digit PIN, the time needed to crack is inherently only 500,000
times slower than that of regular use, *irrespective* *of* *stretching*.
Even if you were to accept a totally painful delay of 10 seconds on
passphrase entry, that /same/ computer could necessarily crack it after
on average just two months of computation. A dedicated cracking rig
would be much quicker even, so these numbers are unrealistically benign.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/gnuk-users/attachments/20180111/263e9087/attachment.sig>