key-stretching – WindowsTechs.com

Does 7-Zip really run multiple rounds of SHA-256 when key stretching?

Posted on March 21, 2022 by d33tah

Recently I was testing whether I could make 7-Zip archives more bruteforce-resistant. Both someone on Wikipedia and @kelalaka on this website make the following claim:

The 7z format supports encryption with the AES algorithm with a 256-bi… Continue reading Does 7-Zip really run multiple rounds of SHA-256 when key stretching?→

AES-256 without key stretching

Posted on August 1, 2021 by cardamom

It is not so difficult to create a password which is exactly 32 characters long.
In this question – AES-256 Key Length Importance @Marc writes:

you absolutely should not be using a password as the raw key

..and in this one @Filip_Franik … Continue reading AES-256 without key stretching→

Why isn’t it more popular to increase the p (parallelization) parameter of scrypt?

Posted on July 11, 2020 by negamartin

First of all, the understanding I have of the p parameter in scrypt is that it multiplies the amount of work to do, but in such a way that the additional workloads are independent from each other, and can be run in parallel. With the inter… Continue reading Why isn’t it more popular to increase the p (parallelization) parameter of scrypt?→

Password Length and Key Length [duplicate]

Posted on November 28, 2019 by user2994783

This question already has an answer here:

How to securely hash passwords?

13 answers

Passwords are not stored in plain te… Continue reading Password Length and Key Length [duplicate]→

256-bit Symmetric Keys As Passwords

Posted on May 21, 2019 by Woodstock

Would using a 256-bit binary string, for e.g.

0000001100101011100101110101101000101000011001011010000111010100000011101100011111110010001000101010010010101101111100010011100111011100110110101001111001110110100011001010100110… Continue reading 256-bit Symmetric Keys As Passwords→

Length of a stretched gnupg passphrase that is comparable in strength to an unstretched string of 256 random bits

Posted on March 24, 2019 by kjo

Assume that we want to encrypt a file with gnupg using AES-256 as the encryption algorithm. (Hence, symmetric encryption.)

In this mode, gnupg requires a passphrase from the user. I understand that gnupg then derives from … Continue reading Length of a stretched gnupg passphrase that is comparable in strength to an unstretched string of 256 random bits→

What’s the easiest way to benchmark the decryption of my "new format" openssl private key?

Posted on September 1, 2018 by HappMacDonald

Ssh-keygen now supports a new key encryption format with -o, and configurable rounds of key stretching with -a. So I want to pick a -a that takes a chosen amount of time on my system.

But I don’t know how to measure how long… Continue reading What’s the easiest way to benchmark the decryption of my "new format" openssl private key?→

Under Armour Reports Massive Breach of 150 Million MyFitnessPal Accounts

Posted on March 30, 2018 by Tom Spring

Under Armour is getting kudos for disclosing breach within weeks, but concerns remain over an unknown portion of credentials reportedly stored using the weak SHA-1 hashing function. Continue reading Under Armour Reports Massive Breach of 150 Million MyFitnessPal Accounts→

Naive key stretching vs PBKDF2

Posted on February 10, 2017 by John Blatz

What are the drawbacks of using a trivially simple key stretching approach such as the below Python example, compared to something like PBKDF2? The purpose is to harden an AES-encrypted file against brute-forcing.

Are there … Continue reading Naive key stretching vs PBKDF2→

Key stretching approaches

Posted on September 24, 2015 by Sebi

I’ve seen that a number of key stretching algorithms and they involved increasing the number of operations needed to compute the key(i.e. the number of rounds within a hash function). But, I wonder if these approaches are mor… Continue reading Key stretching approaches→