Re: Policja a TrueCrypt - Grupy dyskusyjne w eGospodarka.pl

Path: news-archive.icm.edu.pl!newsfeed.gazeta.pl!newsfeed.atman.pl!not-for-mail
From: Przemyslaw Frasunek <v...@f...lublin.pl>
Newsgroups: pl.soc.prawo
Subject: Re: Policja a TrueCrypt
Date: Mon, 7 Jul 2008 16:55:26 +0000 (UTC)
Organization: frasunek.com
Lines: 54
Message-ID: <s...@l...freebsd.lublin.pl>
References: <5...@3...googlegroups.com>
<c...@z...googlegroups.com>
<g4qe82$2m5s$1@opal.icpnet.pl>
<1crh5f8xqsek.1lp9egza77cl5$.dlg@40tude.net> <g4qhp6$5tf$1@news.onet.pl>
<X...@2...180.128.149> <g4qp55$nc0$1@news.onet.pl>
<X...@2...180.128.149>
<1fabz66pqb4hc.jsr6fr27989j$.dlg@40tude.net> <g4rf66$mk7$2@news.wp.pl>
<g4rh2h$p3m$1@news.onet.pl> <g4t4mk$i2g$2@news.wp.pl>
<s...@l...freebsd.lublin.pl>
NNTP-Posting-Host: lagoon.freebsd.lublin.pl
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-2
Content-Transfer-Encoding: 8bit
X-Trace: node2.news.atman.pl 1215449726 21264 193.138.118.3 (7 Jul 2008 16:55:26 GMT)
X-Complaints-To: u...@a...pl
NNTP-Posting-Date: Mon, 7 Jul 2008 16:55:26 +0000 (UTC)
User-Agent: slrn/0.9.8.1 (FreeBSD)
Xref: news-archive.icm.edu.pl pl.soc.prawo:542278
[ ukryj nagłówki ]
Dnia 07.07.2008 Przemyslaw Frasunek <v...@f...lublin.pl> napisał/a:
> 1000 iterations (or 2000 iterations when HMAC-RIPEMD-160 is used as the
> underlying hash function) of the key derivation function have to be
> performed to derive a header key, which increases the time necessary
> to perform an exhaustive search for passwords (i.e., brute force attack)

A jesli ktos nie wierzy w dokument, to mozna to latwo sprawdzic w zrodlach:

Common/Pkcs5.c:
void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int i
terations, char *u, int b)
{
/* iteration 1 */
memset (counter, 0, 4);
counter[3] = (char) b;
memcpy (init, salt, salt_len); /* salt */
memcpy (&init[salt_len], counter, 4); /* big-endian block number */
hmac_ripemd160 (pwd, pwd_len, init, salt_len + 4, j);
memcpy (u, j, RIPEMD160_DIGESTSIZE);

/* remaining iterations */
for (c = 1; c < iterations; c++)
{
hmac_ripemd160 (pwd, pwd_len, j, RIPEMD160_DIGESTSIZE, k);
for (i = 0; i < RIPEMD160_DIGESTSIZE; i++)
{
u[i] ^= k[i];
j[i] = k[i];
}
}
}

./Volume/Pkcs5Kdf.cpp:
void Pkcs5HmacRipemd160::DeriveKey (const BufferPtr &key, const VolumePa
ssword &password, const ConstBufferPtr &salt, int iterationCount) const
{
ValidateParameters (key, password, salt, iterationCount);
derive_key_ripemd160 ((char *) password.DataPtr(), (int) passwor
d.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.G
et(), (int) key.Size());
}

[...]

DeriveKey (key, password, salt, GetIterationCount());

./Volume/Pkcs5Kdf.h:
virtual int GetIterationCount () const { return 2000; }

--
* Fido: 2:480/124 ** WWW: http://www.frasunek.com ** NICHDL: PMF9-RIPE *
* Jabber ID: v...@c...pl ** PGP ID: 2578FCAD ** HAM-RADIO: SQ5JIV *