Request for feedback: how slow is your slowest MAAS cloud?

[Seth Arnold]

On Thu, Jun 01, 2017 at 05:46:52PM -0700, Mike Pontillo wrote:
>    In doing so, I'm looking at deriving an shared key that can be used to
> encrypt network traffic between peer rack and region controllers, and
> eventually commissioned machines. The industry standard for key derivation
> is the PBKDF2 algorithm, which makes brute force attacks to derive the
> password from the key harder (by repeatedly running a hash function).

PBKDF2 is also fairly old; I believe most cryptographers would prefer
argon2, scrypt, or bcrypt to PBKDF2, with a grudging acceptance that if
you have to sell into the FIPS marketplace you may not have a choice.
Do we have a choice?

We should also worry about the asymmetry of attackers vs defenders.
Hashcat on gtx1080 GPUs can crack roughly a thousand of these
million-iteration PBKDF2 per second.

(I'm extrapolating a bit from the data easily available. This forum post
says the benchmark uses 1000 iterations:
https://hashcat.net/forum/thread-5799.html
And these results say that it can run over a million per second:
https://gist.github.com/epixoip/6ee29d5d626bd8dfe671a2d8f188b77b
https://gist.github.com/epixoip/a83d38f412b4737e99bbef804a270c40
So my assumption is one thousand times the work means a one thousand time
slowdown. I haven't tested these speeds myself.)

This points out that no matter how expensive the KDF being used,
passwords such as '123456' 'monkey' etc are always terrible. It might
take the controllers one second or so to generate the key, but given a
password in the usual top-1000 list of passwords, hashcat can break it
in about the same time it took to generate it.

Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/maas-devel/attachments/20170601/ba276ae2/attachment.pgp>