Quote:
Originally Posted by ixtab
|
They are talking there about searching a 10-character keyspace that uses a simple hash function. In the real world, PBKDF2 is often used for key generation to prevent such a brute-force attack. Like I said, I do not know if the Kindle keys were generated with a secure (slow) hash, or use a weaker fast hash function. It would be silly for them to make it quick and easy to brute-force their DRM without knowing the serial number of the DRM-authorized device. Good DRM would use something slow for key generation like the ever-popular PBKDF2 function (RFC 2898).
http://en.wikipedia.org/wiki/PBKDF2
Quote:
The added computational work makes password cracking much more difficult, and is known as key stretching.
|
EDIT: PBKDF2 uses SHA-1 inside, but it does 2,000 rounds (or more) of hashing, so you would need to divide your 1.5M/sec key generation rate by 2,000 (or 10,000 in recent implementations).
EDIT2: PBKDF2 (or other) key stretching algorithms are also used to severely slow down dictionary-based attacks.
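Added example, not part of the original post: a from-scratch PBKDF2-HMAC-SHA1 that counts its HMAC calls, checked against Python's `hashlib.pbkdf2_hmac`, followed by the post's divide-by-rounds estimate applied to the 1.5M/sec figure. The 36-symbol alphabet, the sample password and salt, and the helper names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

def pbkdf2_hmac_sha1(password, salt, iterations, dklen=20):
    """PBKDF2 (RFC 2898) over HMAC-SHA1. Returns (derived_key, hmac_calls)."""
    derived, hmac_calls, block = b"", 0, 1
    while len(derived) < dklen:
        # U_1 = HMAC(password, salt || 32-bit big-endian block index)
        u = hmac.new(password, salt + struct.pack(">I", block), hashlib.sha1).digest()
        hmac_calls += 1
        t = int.from_bytes(u, "big")
        # U_2..U_c: each round consumes the previous output, so the chain
        # must be computed in order for every single candidate password.
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha1).digest()
            hmac_calls += 1
            t ^= int.from_bytes(u, "big")
        derived += t.to_bytes(20, "big")
        block += 1
    return derived[:dklen], hmac_calls

def stretched_rate(base_rate, iterations):
    """Guesses/sec left after stretching, using the post's divide-by-rounds estimate."""
    return base_rate / iterations

def years_to_exhaust(alphabet_size, length, rate):
    """Years to try every candidate of a fixed length at `rate` guesses/sec."""
    return alphabet_size ** length / rate / (365 * 24 * 3600)

if __name__ == "__main__":
    BASE_RATE = 1_500_000  # fast-hash rate quoted in the post
    ALPHABET = 36          # assumption: the post does not state the alphabet
    pw, salt = b"constructed-password", b"constructed-salt"  # constructed sample input
    key, calls = pbkdf2_hmac_sha1(pw, salt, 2000)
    assert key == hashlib.pbkdf2_hmac("sha1", pw, salt, 2000, 20)
    print(f"one guess at 2,000 rounds = {calls} HMAC-SHA1 calls")
    for rounds in (1, 2000, 10000):
        rate = stretched_rate(BASE_RATE, rounds)
        print(f"{rounds:>6} rounds: {rate:>12,.0f} guesses/s, "
              f"{years_to_exhaust(ALPHABET, 10, rate):,.0f} years for 10 chars")
```

Asking for a derived key longer than one SHA-1 output (20 bytes) repeats the whole chain per block, which is why the call count doubles for a 32-byte key.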