passphrases with more than 160 bits of entropy
Alexander Klimov
alserkli at inbox.ru
Wed Mar 22 08:51:15 EST 2006
On Tue, 21 Mar 2006, Travis H. wrote:
> Does anyone have a good idea on how to OWF passphrases without
> reducing them to lower entropy counts? That is, I've seen systems
> which hash the passphrase then use a PRF to expand the result --- I
> don't want to do that. I want to have more than 160 bits of entropy
> involved.
If you want 512 bits use SHA-512.
> I was thinking that one could hash the first block, copy the
> intermediate state, finalize it, then continue the intermediate result
> with the next block, and finalize that. Is this safe? Is there a
> better alternative?
What about dividing passphrase into blocks and hash them separately --
if the size of a block is the same as the hash output's size entropy
reduction should be minimal.
BTW, with respect to entropy reduction is there any explanation why
PBKDFs from PKCS5 hash
password || seed || counter
instead of
counter || seed || password
and thus reduce all the entropy of the password to the size of the
internal state.
--
Regards,
ASK
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list