Password Hashing and PGP Encryption

years</entry> <entry>3927 years</entry> <entry>100k</entry> </row> <row> <entry><literal>crypt-bf/7</literal></entry> <entry>3648</entry> <entry>2 years</entry> <entry>1929 years</entry> <entry>50k</entry> </row> <row> <entry><literal>crypt-bf/6</literal></entry> <entry>7168</entry> <entry>1 year</entry> <entry>982 years</entry> <entry>25k</entry> </row> <row> <entry><literal>crypt-bf/5</literal></entry> <entry>13504</entry> <entry>188 days</entry> <entry>521 years</entry> <entry>12.5k</entry> </row> <row> <entry><literal>crypt-md5</literal></entry> <entry>171584</entry> <entry>15 days</entry> <entry>41 years</entry> <entry>1k</entry> </row> <row> <entry><literal>crypt-des</literal></entry> <entry>23221568</entry> <entry>157.5 minutes</entry> <entry>108 days</entry> <entry>7</entry> </row> <row> <entry><literal>sha1</literal></entry> <entry>37774272</entry> <entry>90 minutes</entry> <entry>68 days</entry> <entry>4</entry> </row> <row> <entry><literal>md5</literal> (hash)</entry> <entry>150085504</entry> <entry>22.5 minutes</entry> <entry>17 days</entry> <entry>1</entry> </row> </tbody> </tgroup> </table> <para> Notes: </para> <itemizedlist> <listitem> <para> The machine used is an Intel Mobile Core i3. </para> </listitem> <listitem> <para> <literal>crypt-des</literal> and <literal>crypt-md5</literal> algorithm numbers are taken from John the Ripper v1.6.38 <literal>-test</literal> output. </para> </listitem> <listitem> <para> <literal>md5 hash</literal> numbers are from mdcrack 1.2. </para> </listitem> <listitem> <para> <literal>sha1</literal> numbers are from lcrack-20031130-beta. </para> </listitem> <listitem> <para> <literal>crypt-bf</literal> numbers are taken using a simple program that loops over 1000 8-character passwords. That way the speed with different numbers of iterations can be shown. For reference: <literal>john -test</literal> shows 13506 loops/sec for <literal>crypt-bf/5</literal>. (The very small difference in results is in accordance with the fact that the <literal>crypt-bf</literal> implementation in <filename>pgcrypto</filename> is the same one used in John the Ripper.) </para> </listitem> </itemizedlist> <para> Note that <quote>try all combinations</quote> is not a realistic exercise. Usually password cracking is done with the help of dictionaries, which contain both regular words and various mutations of them. So, even somewhat word-like passwords could be cracked much faster than the above numbers suggest, while a 6-character non-word-like password may escape cracking. Or not. </para> </sect3> </sect2> <sect2 id="pgcrypto-pgp-enc-funcs"> <title>PGP Encryption Functions</title> <para> The functions here implement the encryption part of the OpenPGP (<ulink url="https://datatracker.ietf.org/doc/html/rfc4880">RFC 4880</ulink>) standard. Supported are both symmetric-key and public-key encryption. </para> <para> An encrypted PGP message consists of 2 parts, or <firstterm>packets</firstterm>: </para> <itemizedlist> <listitem> <para> Packet containing a session key — either symmetric-key or public-key encrypted. </para> </listitem> <listitem> <para> Packet containing data encrypted with the session key. </para> </listitem> </itemizedlist> <para> When encrypting with a symmetric key (i.e., a password): </para> <orderedlist> <listitem> <para>

The document discusses password hashing algorithms, including their iteration counts and speeds, and provides tables to compare their relative slowness, and then introduces PGP encryption functions, which implement the OpenPGP standard for symmetric-key and public-key encryption, explaining the structure of an encrypted PGP message and the process of encrypting with a symmetric key.