[4179] in cryptography@c2.net mail archive
Re: Strengthening the Passphrase Model
daemon@ATHENA.MIT.EDU (Antonomasia)
Wed Feb 10 14:09:42 1999
Date: Wed, 10 Feb 1999 07:47:42 GMT
From: Antonomasia <ant@notatla.demon.co.uk>
To: cryptography@c2.net
"Arnold G. Reinhold" <reinhold@world.std.com>:
> There are two problems with iterating hash algorithms like MD5 and SHA1 for
> this purpose.
[adding delay to authentication]
> First they are faster in hardware than in software. All
> those non-linear functions that take several instructions on a general
> purpose CPU can execute as a single step in custom silicon.
> Second, the hash algorithms can be implemented in hardware on very modest
> chip real estate, well under 100,000 gates I would guess. Your basic low
> end PC or iMac has, maybe, half a billion gates inside. If you can weave
> even 10% of those gates into your hash, massively parallel attacks become
> much harder.
From memory, Rivest and Wagner have a paper on crypto time locks where
repeated squaring is reckoned to be incapable of much parallel computing.
I think I got it from Rivest's web site in mid-1997.
--
##############################################################
# Antonomasia ant@notatla.demon.co.uk #
# See http://www.notatla.demon.co.uk/ #
##############################################################
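As an added example (not part of the original message or the paper it cites), the two computations the thread contrasts, in Python: iterated SHA-1 stretching, and the repeated-squaring time-lock construction from Rivest, Shamir and Wagner's paper, where whoever knows only the modulus n must perform t dependent modular squarings while the party that knows the factorisation of n reduces the exponent modulo phi(n) and finishes in about log2(n) squarings regardless of t. The primes, salt, passphrase and the `enroll`/`verify_passphrase` helpers are constructed for the demo; the use of the trapdoor as a password-verification shortcut is an illustration of the asymmetry, not a scheme from the thread.

```python
import hashlib
import math

# Constructed demo parameters, not values from the original message. A real
# deployment would use a ~2048-bit RSA modulus; two known primes keep it fast.
P = 65537
Q = 2147483647
N = P * Q


def iterated_hash(passphrase: bytes, salt: bytes, iterations: int) -> bytes:
    """Iterated SHA-1 stretching, the scheme the thread is discussing.
    Each round depends on the previous digest, but one round is cheap and
    fits in a small hardware core, so many guesses run side by side."""
    digest = hashlib.sha1(salt + passphrase).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + passphrase).digest()
    return digest


def passphrase_to_base(passphrase: bytes, salt: bytes, n: int) -> int:
    """Map a passphrase to an element of [2, n-2] coprime to n, so that
    Euler's theorem (base^phi(n) = 1 mod n) applies in trapdoor_squarings."""
    h = int.from_bytes(hashlib.sha256(salt + passphrase).digest(), "big")
    base = 2 + h % (n - 3)
    while math.gcd(base, n) != 1:  # only hits a factor of n by blind luck
        base += 1
    return base


def sequential_squarings(base: int, t: int, n: int) -> int:
    """base^(2^t) mod n by t dependent squarings: the path of anyone who
    knows only n. Step i needs the output of step i-1, so extra parallel
    hardware can speed up one squaring but cannot run the chain in parallel."""
    x = base % n
    for _ in range(t):
        x = x * x % n
    return x


def trapdoor_squarings(base: int, t: int, p: int, q: int) -> int:
    """The same value computed by the holder of the factorisation n = p*q.
    Reducing the exponent 2^t modulo phi(n) = (p-1)(q-1) replaces t
    squarings with about log2(n) of them, independent of t."""
    phi = (p - 1) * (q - 1)
    return pow(base, pow(2, t, phi), p * q)


def enroll(passphrase: bytes, salt: bytes, t: int, p: int, q: int) -> int:
    """Hypothetical server side: compute the stored value via the trapdoor."""
    return trapdoor_squarings(passphrase_to_base(passphrase, salt, p * q), t, p, q)


def verify_passphrase(passphrase: bytes, salt: bytes, t: int,
                      p: int, q: int, stored: int) -> bool:
    """Hypothetical server-side check; the server also takes the fast path."""
    return enroll(passphrase, salt, t, p, q) == stored


if __name__ == "__main__":
    salt = b"demo-salt"             # constructed
    pw = b"correct horse battery"   # constructed
    t = 100_000
    stored = enroll(pw, salt, t, P, Q)
    # Without p and q, testing a guess means walking the whole squaring chain:
    guess = sequential_squarings(passphrase_to_base(pw, salt, N), t, N)
    print("slow path matches trapdoor:", guess == stored)
    print("wrong passphrase rejected:",
          not verify_passphrase(b"wrong", salt, t, P, Q, stored))
    print("iterated SHA-1, 1000 rounds:", iterated_hash(pw, salt, 1000).hex())
```

The caveat a practitioner should keep in mind: the squaring chain resists parallelising a single evaluation, which is the point the reply raises against iterated hashing, but in both schemes independent guesses still parallelise across guesses, so the per-guess cost t, not the choice of primitive alone, sets the attacker's total work.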