[21491] in cryptography@c2.net mail archive
RE: passphrases with more than 160 bits of entropy
daemon@ATHENA.MIT.EDU (Whyte, William)
Wed Mar 22 10:25:40 2006
X-Original-To: cryptography@metzdowd.com
Date: Wed, 22 Mar 2006 10:14:21 -0500
From: "Whyte, William" <WWhyte@ntru.com>
To: "Alexander Klimov" <alserkli@inbox.ru>,
<cryptography@metzdowd.com>
> BTW, with respect to entropy reduction is there any explanation why
> PBKDFs from PKCS5 hash
>
> password || seed || counter
>
> instead of
>
> counter || seed || password
>
> and thus reduce all the entropy of the password to the size of the
> internal state.
In theory it's more efficient, as it lets you precalculate
all but the last block of (password || salt). In practice,
this is one of the situations where efficiency helps the
attacker more than the implementer.
William
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
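An added example, not part of the original message or of any PKCS #5 implementation: it assumes PBKDF2 with HMAC-SHA1 (the thread names only "PBKDFs from PKCS5") and shows both points above, that the password-dependent hash state can be computed once and reused for every iteration, and that a password longer than the 64-byte block is reduced to a 160-bit digest before use. The function names are hypothetical and the inputs are constructed.

```python
import hashlib
import struct

BLOCK = 64  # SHA-1 block size in bytes


def keyed_states(password: bytes):
    """Hash the password-dependent first block of HMAC-SHA1 once."""
    if len(password) > BLOCK:  # HMAC rule: over-long keys are hashed first
        password = hashlib.sha1(password).digest()
    key = password.ljust(BLOCK, b"\x00")
    inner = hashlib.sha1(bytes(b ^ 0x36 for b in key))
    outer = hashlib.sha1(bytes(b ^ 0x5C for b in key))
    return inner, outer


def prf(states, msg: bytes) -> bytes:
    """HMAC-SHA1 resumed from the saved states; the password is not rehashed."""
    inner, outer = states[0].copy(), states[1].copy()
    inner.update(msg)
    outer.update(inner.digest())
    return outer.digest()


def pbkdf2_sha1(password: bytes, salt: bytes, iterations: int, dklen: int = 20) -> bytes:
    """PBKDF2-HMAC-SHA1 that touches the password only in keyed_states()."""
    states = keyed_states(password)
    out = b""
    block_index = 1
    while len(out) < dklen:
        u = prf(states, salt + struct.pack(">I", block_index))
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = prf(states, u)
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(20, "big")
        block_index += 1
    return out[:dklen]


def long_password_collapses(password: bytes, salt: bytes, iterations: int) -> bool:
    """True if the password and its 20-byte SHA-1 digest derive the same key."""
    digest = hashlib.sha1(password).digest()
    return (hashlib.pbkdf2_hmac("sha1", password, salt, iterations)
            == hashlib.pbkdf2_hmac("sha1", digest, salt, iterations))
```

The saved states are what make each iteration cost two compression-function calls instead of four, for the implementer and for anyone guessing passwords alike.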