Re: [Monotone-devel] bug: monotone serve w/ long passphrase

[Matt Johnston]

On Sat, Sep 24, 2005 at 04:24:01PM -0700, Stefan Karpinski wrote:
> Ouch. 32 is not a lot of key material for critical purposes,  
> especially since each letter of a typical password contains far less  
> than a byte of entropy. What was the motivation for switching from  
> crypto++ to Botan? Of course, my purposes are hardly critical, so I  
> think I'll just use a shorter key. Thanks for the prompt reply.

I think it was an arbitrary (or perhaps accidental) limit in
Botan's implementation, since usually a key is generated
from hashing data first. A better solution is probably to
feed the passphrase into PBKDF2 (basically lots of hashing
to make it more resiliant against bruteforcing), and then
use those 20 bytes as the key for something standard like
PKCS #8. That'll require "migrating" keys (and knowing
passphrases) - perhaps that would be worth doing alongside
the work of moving private keys outside the database.

The rationale for Botan is that it is a lot nicer to compile
and keep compiling with new versions of g++, the code is a
lot more readable, and good docs exist.

Matt