
What is “iteration count” and why is decreasing it a bad idea?


Iteration count is the number of PBKDF2 iterations a passphrase is put through before it is used to unlock a key-slot. Iterations are done with the explicit purpose of increasing the time that it takes to unlock a key-slot. This provides some protection against use of low-entropy passphrases.

The idea is that an attacker has to try all possible passphrases. Even if the attacker knows the passphrase is low-entropy (see last item), it is possible to make each individual try take longer. The way to do this is to repeatedly hash the passphrase for a certain time. The attacker then has to spend the same time (given the same computing power) as the user per try. With LUKS, the default is 1 second of PBKDF2 hashing.

Example 1: Let's assume we have a really bad passphrase (e.g. a girlfriend's name) with 10 bits of entropy. With the same CPU, an attacker would need to spend around 500 seconds on average to break that passphrase. Without iteration, it would be more like 0.0001 seconds on a modern CP
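The arithmetic behind Example 1, as an added Python example that is not part of the original answer or of cryptsetup: it calibrates a PBKDF2 iteration count to a target unlock time on the local CPU, then computes the average exhaustive-search time for a passphrase of a given entropy. The function names and the choice of SHA-256 are assumptions made for illustration.

```python
import hashlib
import time

# Assumption: SHA-256 as the PBKDF2 hash; the page does not name one.
HASH_NAME = "sha256"


def derive_key(passphrase: bytes, salt: bytes, iterations: int) -> bytes:
    """Stretch a passphrase into a 32-byte key with PBKDF2-HMAC."""
    return hashlib.pbkdf2_hmac(HASH_NAME, passphrase, salt, iterations, dklen=32)


def calibrate_iterations(target_seconds: float, probe: int = 50_000) -> int:
    """Time a probe run, then scale the count to cost about target_seconds."""
    start = time.perf_counter()
    derive_key(b"constructed probe passphrase", b"\x00" * 32, probe)
    elapsed = time.perf_counter() - start
    return max(1000, int(probe * target_seconds / elapsed))


def average_search_seconds(entropy_bits: int, seconds_per_try: float) -> float:
    """On average half of the 2**entropy_bits candidates are tried."""
    return (2 ** entropy_bits) / 2 * seconds_per_try


if __name__ == "__main__":
    iterations = calibrate_iterations(1.0)  # the 1-second target from the text
    print(f"iterations for ~1 s on this CPU: {iterations}")
    # The 10-bit passphrase from Example 1, at the calibrated cost per try.
    print(f"10 bits, 1 s per try: {average_search_seconds(10, 1.0):.0f} s")
    # Same passphrase when each try costs only a single iteration.
    per_iter = 1.0 / iterations
    print(f"10 bits, 1 iteration: {average_search_seconds(10, per_iter):.6f} s")
```

Each extra bit of passphrase entropy doubles the search time, while the iteration count only multiplies it by a constant, which is why lowering the count removes most of the protection a weak passphrase has.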
