mirror of
https://github.com/Kpa-clawbot/meshcore-analyzer.git
synced 2026-04-10 13:55:40 +00:00
0a55717283
Weak passphrases with no KDF stretching are the #1 practical threat. Timestamp in plaintext block 0 serves as known-plaintext oracle for instant key verification from a single captured packet. Key findings: - decode_base64() output used directly as AES key, no KDF - Short passphrases produce <16 byte keys (reduced key space) - No salt means global precomputed attacks work - 3-word passphrase crackable in ~2 min on commodity GPU Reviewed by djb and Dijkstra personas. Corrections applied: - GPU throughput upgraded from 10^9 to 10^10 AES/sec baseline - Oracle strengthened: bytes 4+ (type byte, sender name) also predictable - Dictionary size assumptions made explicit - Zipf's law caveat added (humans don't choose uniformly) - base64 short-passphrase key truncation issue documented