Comment For the record (Score 1) 84
The 2011 paper can be read here: http://arxiv.org/ftp/arxiv/papers/1110/1110.2798.pdf
Bonilla's 1885 paper can be read here: http://gallica.bnf.fr/ark:/12148/bpt6k2096403/f351
"You can't really prevent these [brute force] attacks: nothing prevents an attacker to just try all possible keys and look if the database decrypts. But what we can do (and KeePass does) is to make it harder: by adding a constant work factor to the key initialization, we can make them as hard as we want."
To protect its database (of passwords), the program actually performs N rounds of AES encryption, with N being a large number of your choice, chosen so that these rounds take "a lot of time", say 1 second. This way, the attacker will only test 1 password per second.
Does this make sense?
Science and religion are in full accord but science and faith are in complete discord.
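The work-factor idea quoted in the comment above, as an added example that is not part of the original comment and not KeePass's own code. It chains SHA-256 calls as a stand-in for the N AES rounds (the Python standard library has no AES), and the function names, the salt and the attacker speed figures are assumptions made for illustration.

```python
import hashlib
import math
import time

def stretch(password: bytes, salt: bytes, rounds: int) -> bytes:
    """Derive a key by chaining `rounds` hash calls (stand-in for the AES rounds)."""
    state = hashlib.sha256(salt + password).digest()
    for _ in range(rounds):
        state = hashlib.sha256(state).digest()
    return hashlib.sha256(state).digest()

def calibrate(target_seconds: float, probe_rounds: int = 20_000) -> int:
    """Pick N so one derivation on *this* machine takes about target_seconds."""
    start = time.perf_counter()
    stretch(b"probe", b"\x00" * 16, probe_rounds)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return max(1, int(probe_rounds * target_seconds / elapsed))

def worst_case_seconds(candidates: int, rounds: int, rounds_per_second: float) -> float:
    """Time to try every candidate when each guess costs `rounds` operations."""
    return candidates * rounds / rounds_per_second

def added_bits(rounds: int) -> float:
    """A work factor of N multiplies attack cost by N, i.e. adds log2(N) bits."""
    return math.log2(rounds)

if __name__ == "__main__":
    salt = b"constructed-salt"            # constructed sample value
    n = calibrate(1.0)                    # about 1 second per guess on this machine
    t0 = time.perf_counter()
    key = stretch(b"correct horse", salt, n)
    own_rate = n / (time.perf_counter() - t0)
    print(f"N = {n} rounds, equivalent to +{added_bits(n):.1f} bits of key strength")

    # The attacker pays the same N per guess, but at the attacker's speed,
    # not ours. Assumed figure: hardware 1000x faster than this machine.
    candidates = 10**8                    # assumed size of a password dictionary
    for label, rate in (("this machine", own_rate), ("1000x faster", own_rate * 1000)):
        days = worst_case_seconds(candidates, n, rate) / 86400
        print(f"{label}: {days:,.1f} days to exhaust {candidates:,} candidates")
```

The "1 password per second" figure holds only for hardware as slow as the machine that chose N; the protection is a constant multiplier of log2(N) bits on top of the password's own entropy.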