faster way of determing if the passphrase is correct or not

Michael Halcrow mike at
Sun Apr 10 22:39:34 CEST 2005

On Sun, Apr 10, 2005 at 04:39:41PM +0200, folkert at wrote:
> For a program of mine I'd like to quickly verify if the entered
> passphrase is correct. Currently I'm calling "gpgme_op_sign" and
> check its return- value to see if the passphrase is correct or not
> (if it cannot sign, the passphrase is incorrect). This seems to be a
> slow method: my 2.8GHz P4 can only do it 220 times a second. So I
> was wondering: is there a faster method? Any api-call I don't know
> of? Or?

That cannot really be made any faster without sacrificing security. In
the string-to-key converstion process, the passphrase is concatenated
with the salt, and then that chunk of data is iteratively hashed
(i.e., 65,536 times).  This makes it a little more difficult to do a
dictionary attack on the passphrase.

I'm not sure exactly what gpgme_op_sign is doing.  In eCryptfs, I do
the iterative hash thing, and then I hash the key one more time to
generate a signature for the passphrase+salt combination.  This
signature is what is used to determine whether you have the right
passphrase.  You really can't tell whether or not you've go the right
passphrase until you've done all the hashing.  GPGME may actually go
all the way through with a public key operation before it figures out
that that the passphrase was incorrect.  I'd have to look at the
source to figure that out though...

                         Michael A. Halcrow                          
       Security Software Engineer, IBM Linux Technology Center       
GnuPG Fingerprint: 05B5 08A8 713A 64C1 D35D  2371 2D3C FDDA 3EB6 601D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/attachments/20050410/d849b452/attachment.pgp

More information about the Gnupg-devel mailing list