[14751] in cryptography@c2.net mail archive


Re: Protection against offline dictionary attack on static files

daemon@ATHENA.MIT.EDU (Zooko Journeyman)
Sun Nov 16 06:59:00 2003

X-Original-To: cryptography@metzdowd.com
Date: 13 Nov 2003 10:09:17 -0500
From: "Zooko Journeyman" <zooko@localhost.notabug.com>
To: "Arcane Jill" <arcanejill@ramonsky.com>
Cc: cryptography@metzdowd.com
In-Reply-To: Message from Arcane Jill <arcanejill@ramonsky.com> 
   of "Thu, 23 Oct 2003 08:20:35 BST." <3F978143.7070005@ramonsky.com> 


 Arcane Jill wrote:
>
<... a way to make decryption more expensive ...>

I think it is a neat idea.  I think it is best understood as a kind of 
"key-stretching" akin to iterated hashing of a password, as in:

Secure Applications of Low-Entropy Keys (1998)
John Kelsey, Bruce Schneier, Chris Hall, David Wagner 
http://citeseer.nj.nec.com/kelsey98secure.html

I invented it myself at one point, and then subsequently learned that it had 
already been published.  

Here are some notes I wrote about it earlier this year:

  """
  I've learned that Udi Manber, Martín Abadi [1], Mark Lomas, and Roger 
  Needham [2] have already published one of my ideas -- that of an extra "salt" 
  used to hash passwords, erased, and then brute-force-rediscovered when needed. 
  This kind of thing reassures me that my own part-time, self-directed crypto 
  research isn't too far off the mainstream. Manber's paper [3] is earliest, 
  but Abadi's [4] (published as a Technical Report) contains extra goodies such 
  as consideration of off-line brute force attacks on weak keys used in 
  communication protocols and a comparison to the more widely used key-
  strengthening of iterated hashing.  

  [1] http://www.cse.ucsc.edu/~abadi
  [2] http://research.microsoft.com/users/needham/
  [3] http://citeseer.nj.nec.com/manber96simple.html
  [4] http://www.cse.ucsc.edu/~abadi/Papers/pwd-revised.ps
  """

Regards,

Zooko

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
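
Added example, not part of the original message and not the construction from any of the cited papers: a minimal sketch of the erased-salt idea the notes describe, where a small random salt is mixed into the password hash, discarded, and found again by brute force at verification time. SHA-256, the 12-bit hidden salt size, the record layout and the function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

HIDDEN_BITS = 12  # assumed size of the erased salt: 2**12 candidates to search


def _digest(public_salt: bytes, hidden: int, password: str) -> bytes:
    """Hash the public salt, a candidate hidden salt and the password together."""
    h = hashlib.sha256()
    h.update(public_salt)                 # fixed 16 bytes
    h.update(hidden.to_bytes(4, "big"))   # fixed 4 bytes, so fields cannot run together
    h.update(password.encode("utf-8"))
    return h.digest()


def enroll(password: str, hidden_bits: int = HIDDEN_BITS) -> dict:
    """Build the stored record. The hidden salt is used once and never stored."""
    public_salt = secrets.token_bytes(16)
    hidden = secrets.randbelow(1 << hidden_bits)
    return {
        "public_salt": public_salt,
        "hidden_bits": hidden_bits,
        "verifier": _digest(public_salt, hidden, password),
    }


def verify(record: dict, password: str) -> tuple:
    """Rediscover the hidden salt by brute force.

    Returns (matched, hashes_computed). A wrong password always costs the
    full 2**hidden_bits hashes, which is the price of each dictionary guess
    for an offline attacker who holds the record.
    """
    tries = 0
    for candidate in range(1 << record["hidden_bits"]):
        tries += 1
        guess = _digest(record["public_salt"], candidate, password)
        if hmac.compare_digest(guess, record["verifier"]):
            return True, tries
    return False, tries


if __name__ == "__main__":
    rec = enroll("correct horse battery staple")  # constructed sample password
    print(verify(rec, "correct horse battery staple"))
    print(verify(rec, "wrong guess"))
```

The legitimate user pays on average half the search space per login, while every wrong guess pays all of it; raising `hidden_bits` by one doubles both costs.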
