|
|
|
|
|
|
by bradleyjg
3936 days ago
|
|
|
This has similar security properties to a salted password based key derivation scheme. Given the output, and assuming a function with effective preimage resistance, the best way to find the global password is brute force it by trying lots of master passwords. The security is a function of the forward difficulty of the KDF (in space and time) and the quality of the master password. Use the password 'password' and MD5 and you don't have much security except through obscurity. Use an 8 word diceware password and scypt and you are doing great security wise (assuming of course no implementation problems, a big assumption!) |
|
|