[21490] in cryptography@c2.net mail archive
Re: passphrases with more than 160 bits of entropy
daemon@ATHENA.MIT.EDU (Alexander Klimov)
Wed Mar 22 10:10:28 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Wed, 22 Mar 2006 15:51:15 +0200 (IST)
From: Alexander Klimov <alserkli@inbox.ru>
To: cryptography@metzdowd.com
In-Reply-To: <d4f1333a0603211244m71a124b6pe072154d7b731d53@mail.gmail.com>
On Tue, 21 Mar 2006, Travis H. wrote:
> Does anyone have a good idea on how to OWF passphrases without
> reducing them to lower entropy counts? That is, I've seen systems
> which hash the passphrase then use a PRF to expand the result --- I
> don't want to do that. I want to have more than 160 bits of entropy
> involved.
If you want 512 bits use SHA-512.
> I was thinking that one could hash the first block, copy the
> intermediate state, finalize it, then continue the intermediate result
> with the next block, and finalize that. Is this safe? Is there a
> better alternative?
What about dividing passphrase into blocks and hash them separately --
if the size of a block is the same as the hash output's size entropy
reduction should be minimal.
BTW, with respect to entropy reduction is there any explanation why
PBKDFs from PKCS5 hash
password || seed || counter
instead of
counter || seed || password
and thus reduce all the entropy of the password to the size of the
internal state.
--
Regards,
ASK
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
