Re: [WebDNA] encrypt files/directories

This WebDNA talk-list message is from 2011


It keeps the original formatting.
numero = 107606
interpreted = N
texte =

Govinda wrote:
>> We have implemented blowfish in WebDNA 7.0. Blowfish is a strong symmetric block cipher used in SSH, OpenBSD, IPSec with 32 bits to 448 bits key length. It allows very fast encryption and is strong enough.
>
> Chris,
>
> I now appreciate that WebDNA uses blowfish, and glad we had this discussion, but (and someone correct me if I am wrong), fast encryption is not a strength, but actually a positive weakness. From a thread on another forum,
>
> --------------------------------------------------------------------------------
>
> "bcrypt (blowfish) is a hashing algorithm which is scalable with hardware (via a configurable number of rounds). Its __slowness__ and multiple rounds ensure that an attacker must deploy massive funds and hardware to be able to crack your passwords. Add to that per-password salts (bcrypt REQUIRES salts) and you can be sure that an attack is virtually unfeasible without either ludicrous amount of funds or hardware."
>
> ...and,
>
> "The goal is to hash the password with something slow so someone getting your password database will die trying to bruteforce it (a 10ms delay to check a password is nothing for you, a lot for someone trying to bruteforce it). Bcrypt is slow and can be used with a parameter to choose how slow it is."
>
> --------------------------------------------------------------------------------
>
>
> I am just beginning learning about (some of) the depth of modern security/encryption, but AFAIK it is important that the 'cost parameter'/'iteration count' (configurable number of rounds that the algorithm is applied) should be as high as possible (that one's app can handle) to thus require as much computation as possible to reverse the process (i.e. ADD slowness) - to make it unfeasible for hackers to brute force 'un-encrypt'.

Govinda,

I think I may have posted to that PHP discussion (or one like it)... My take is that there are many levels of security, and no true "holy grail".

I believe you have to look at security for the purpose in which you are using it. There are fanatics on the PHP forum who will spout that the only way is their version of the "holy grail".. IV salted, one-way, hash, throttling etc.. My perception is the "Holy Grail" is not always required, nor is it appropriate. A salted blowfish is strong kung-fu and perfectly adequate for many purposes. Like many things WebDNA, it has some good solutions without it being *required* to know everything about it.

Donovan

--
Donovan Brooke
Euca Design Center
www.euca.us
www.keepitturning.co

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] encrypt files/directories (Donovan Brooke 2011)
  2. Re: [WebDNA] encrypt files/directories (Govinda 2011)
  3. Re: [WebDNA] encrypt files/directories (christophe.billiottet@webdna.us 2011)
  4. Re: [WebDNA] encrypt files/directories (christophe.billiottet@webdna.us 2011)
  5. Re: [WebDNA] encrypt files/directories (Govinda 2011)
  6. Re: [WebDNA] encrypt files/directories (Grant Hulbert 2011)
  7. Re: [WebDNA] encrypt files/directories (Govinda 2011)
  8. Re: [WebDNA] encrypt files/directories ("Brian B. Burton" 2011)
  9. Re: [WebDNA] encrypt files/directories (Steve Raslevich -Northern Sound 2011)
  10. Re: [WebDNA] encrypt files/directories (Govinda 2011)
  11. Re: [WebDNA] encrypt files/directories (Steve Raslevich -Northern Sound 2011)
  12. Re: [WebDNA] encrypt files/directories (Govinda 2011)
  13. [WebDNA] encrypt files/directories (Steve Raslevich -Northern Sound 2011)
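
The per-password salt and cost parameter discussed in the quoted forum text, as an added example that is not part of the original message or of WebDNA. Python's standard library has no bcrypt, so PBKDF2-HMAC-SHA256 stands in for it here; the function names, record format and iteration counts are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

ALGO = "pbkdf2_sha256"  # stand-in for bcrypt; same idea: salt + tunable cost


def hash_password(password: str, iterations: int) -> str:
    """Return 'algo$iterations$salt_hex$digest_hex' using a fresh random salt."""
    salt = os.urandom(16)  # per-password salt: equal passwords give different records
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and cost, compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != ALGO:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def needs_rehash(stored: str, target_iterations: int) -> bool:
    """True when a record was created with a lower cost than the current policy."""
    return int(stored.split("$")[1]) < target_iterations


def seconds_per_guess(iterations: int, trials: int = 3) -> float:
    """Average wall-clock cost of one password guess at the given iteration count."""
    salt = b"\x00" * 16  # constructed fixed salt, for timing only
    start = time.perf_counter()
    for _ in range(trials):
        hashlib.pbkdf2_hmac("sha256", b"guess", salt, iterations)
    return (time.perf_counter() - start) / trials


if __name__ == "__main__":
    # The defender pays this cost once per login; an attacker pays it per guess.
    for cost in (1_000, 100_000, 400_000):
        print(f"{cost:>7} iterations: {seconds_per_guess(cost) * 1000:.2f} ms per guess")
    record = hash_password("correct horse", 100_000)  # constructed sample password
    print(record, verify_password("correct horse", record))
```

Because the cost is stored in each record, `needs_rehash` lets an application raise it over time and re-hash a user's password at their next successful login.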
