One thing I've noticed would help KeePass quite a bit,
security-wise, is the introduction of key stretching.
It's quite easy to implement, and it adds a significant
amount of security to any weak password, especially in
the face of possible offline brute force attacks.
In essence, key stretching is simply a computationally
intensive algorithm for turning a user's password into
a key fit for use with a symmetric encryption algorithm.
One normally uses a hash function for this: h(p)
If you loop this together, you can introduce
computational expense into the key generation algorithm
which can't be bypassed by an attacker:
k = password
for 1 to t do
    k = h(k)
One chooses t based on how much time is acceptable to
the end user, and this process adds log2(t) bits to the
keyspace. The attacker goes from being able to try a
key every 1ms to having to spend 1000ms for each key,
for example.
The UI for this can still be responsive, and you can
choose t based on how fast the user's computer is, or
how long they'd like to wait.
Schneier's original paper can be found here:
http://www.schneier.com/paper-low-entropy.html
A better example is provided in Ferguson & Schneier's
_Practical_Cryptography_, but the gist is the same.
I've implemented this type of system in a few different
environments. If you'd like more information, you can
email me at coda dot hale at gmail dot com
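The iterated-hash stretching sketched in the request above, written out as an added, runnable example; it is not code from the original post and not KeePass's own implementation. It assumes SHA-256 as the hash h, adds a per-database random salt (not in the post's loop), and uses a constructed weak password and wordlist with a deliberately small t so the demo finishes instantly. The calibration, database-record and dictionary-attack helpers are illustrative names chosen here, not anything from the post.

```python
import hashlib
import hmac
import math
import os
import time


def stretch_key(password: bytes, t: int, salt: bytes = b"") -> bytes:
    """The loop from the post: k = h(k) repeated t times, with h = SHA-256.

    The salt is an addition to the post's sketch: folding a per-database random
    value into the first round means an attacker cannot stretch a wordlist once
    and reuse the results against every database.
    """
    if t < 1:
        raise ValueError("iteration count t must be at least 1")
    k = salt + password
    for _ in range(t):
        k = hashlib.sha256(k).digest()
    return k


def added_bits(t: int) -> float:
    """Each guess now costs t hashes instead of one, i.e. log2(t) extra bits of work."""
    return math.log2(t)


def calibrate_iterations(target_seconds: float, probe: int = 20_000) -> int:
    """Pick t so that one stretch takes roughly target_seconds on this machine.

    Time a probe run and scale linearly; the chosen t has to be stored with the
    database so that the same value is used when it is reopened.
    """
    start = time.perf_counter()
    stretch_key(b"calibration", probe, b"")
    elapsed = time.perf_counter() - start
    return max(1, int(probe * target_seconds / max(elapsed, 1e-9)))


def new_database_record(password: bytes, t: int) -> dict:
    """What a password manager would persist: salt, iteration count and a
    verifier derived from the stretched key (never the key itself)."""
    salt = os.urandom(16)  # constructed per database
    key = stretch_key(password, t, salt)
    return {"salt": salt, "t": t, "verifier": hashlib.sha256(b"verify" + key).digest()}


def open_database(record: dict, password: bytes) -> bool:
    """Re-derive the key with the stored salt and t; constant-time compare."""
    key = stretch_key(password, record["t"], record["salt"])
    return hmac.compare_digest(hashlib.sha256(b"verify" + key).digest(), record["verifier"])


def dictionary_attack(record: dict, candidates) -> tuple:
    """Offline attacker's view: every candidate costs t hash calls, not one.
    Returns (recovered password or None, total hashes computed)."""
    hashes = 0
    for cand in candidates:
        hashes += record["t"]
        if open_database(record, cand):
            return cand, hashes
    return None, hashes


if __name__ == "__main__":
    # Constructed demo: weak password, short wordlist, small t so it runs fast.
    t = calibrate_iterations(0.05)
    rec = new_database_record(b"hunter2", t)
    print(f"t = {t}, adds about {added_bits(t):.1f} bits of work per guess")
    start = time.perf_counter()
    found, work = dictionary_attack(rec, [b"letmein", b"password", b"hunter2"])
    print(f"recovered {found!r} after {work} hashes in {time.perf_counter() - start:.2f}s")
```

The unstretched case is t = 1: the attacker pays one hash per guess. With t chosen by calibrate_iterations, each guess costs the same wall-clock time the legitimate user waits once, which is the 1ms-to-1000ms shift the post describes.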
user_id=999143
We've discussed this some time ago, and KeePass is doing
exactly what you demand.
See: http://keepass.sourceforge.net/infosec.php (Last
chapter of "Protection against dictionary and guessing
attacks")
See also "File - Database settings" in the KeePass GUI.