[78830] in cryptography@c2.net mail archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Private Key Generation from Passwords/phrases

daemon@ATHENA.MIT.EDU (Allen)
Sun Feb 4 17:34:39 2007

Date: Sun, 04 Feb 2007 08:31:38 -0800
From: Allen <netsecurity@sound-by-design.com>
To:  cryptography@metzdowd.com
In-Reply-To: <TheMailAgent.13c8cfc69895e6a@8640663a72279bbfafc4>

Alexander Klimov wrote:

[snip]

>(Of course, with 60K passwords there is almost for sure at
> least one "password1" or "Steven123" and thus the salts are
> irrelevant.)
> 

I'm not sure I understand this statement as I just calculated the 
  HMAC MD5 for "password1" using a salt of 7D00 (32,000 decimal) 
and got the result of 187de1db3348592a3595905a66cae418. Then I 
calculated the MD5 with a salt of 61A8 (25,000 decimal) and got a 
result of 9cad6ac9f5555d6c09fd8e99e478381f.

Are you saying that the salt is irrelevant because a dictionary 
attack is fast and common dictionary words would allow an easy 
attack?

Thanks,

Allen

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[78830] in cryptography@c2.net mail archive

Re: Private Key Generation from Passwords/phrases

daemon@ATHENA.MIT.EDU (Allen)Sun Feb 4 17:34:39 2007

daemon@ATHENA.MIT.EDU (Allen)
Sun Feb 4 17:34:39 2007