I recently learned about the hashing algorithm bcrypt, which allows you to speci

Question

I recently learned about the hashing algorithm bcrypt, which allows you to specify a "work factor" for the hash which can be incremented to stay ahead of Moore's Law. I understand there are some other hashing algorithms that also do this.

Are there any two-way encryption algorithms with this property? For example, I'd like to be able to encrypt a file such that it takes a couple of seconds with today's machines to decrypt it using the correct key, and therefore someone who is trying to guess the key will be severely rate-limited.

Explanation / Answer

You can use bcrypt to derive a (long enough) key from your initial secret value, and then use the key for symmetric encryption. "Guessing" the key is an issue only when the key is part of a space of possible keys which is small enough that such guessing is a possibility -- i.e. when the "secret value" is a password. A 128-bit uniformly random key is immune to guessing by virtue of being part of a space of size 2128. So use bcrypt with your work factor, truncate the result to 128 bits, use AES, and you're done: any guessing will have to work with the password, and will thus greatly suffer from the bcrypt work factor.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects