LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Martin: Off the Record Messaging: A Tutorial

Martin: Off the Record Messaging: A Tutorial

Posted Aug 2, 2012 0:14 UTC (Thu) by intgr (subscriber, #39733)
In reply to: Martin: Off the Record Messaging: A Tutorial by tialaramex
Parent article: Martin: Off the Record Messaging: A Tutorial

> nor is it low entropy enough to attempt a brute force

Note that SMP effectively prevents brute force. If one party fails to authenticate properly, both parties will have to restart the protocol. After a few failed attempts, every human participant would give up or try another secret.

(Log in to post comments)

Martin: Off the Record Messaging: A Tutorial

Posted Aug 5, 2012 16:14 UTC (Sun) by tialaramex (subscriber, #21167) [Link]

Right sorry, that was my assumption which I didn't really make clear. My father didn't teach us some brain-teasing 20 character "safe even if the passwords are hashed with plain MD5" password when we were kids. It was just good enough that it wouldn't be on anybody's first dozen things to try.

There's probably a better phrase than "brute force" for systems where you're up against human patience rather than some machine processing limit, but I don't know it.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds