passphrases with more than 160 bits of entropy

Alexander Klimov alserkli at
Wed Mar 22 08:51:15 EST 2006

On Tue, 21 Mar 2006, Travis H. wrote:
> Does anyone have a good idea on how to OWF passphrases without
> reducing them to lower entropy counts?  That is, I've seen systems
> which hash the passphrase then use a PRF to expand the result --- I
> don't want to do that.  I want to have more than 160 bits of entropy
> involved.

If you want 512 bits use SHA-512.

> I was thinking that one could hash the first block, copy the
> intermediate state, finalize it, then continue the intermediate result
> with the next block, and finalize that.  Is this safe?  Is there a
> better alternative?

What about dividing passphrase into blocks and hash them separately --
if the size of a block is the same as the hash output's size entropy
reduction should be minimal.

BTW, with respect to entropy reduction is there any explanation why
PBKDFs from PKCS5 hash

 password || seed || counter

instead of

 counter || seed || password

and thus reduce all the entropy of the password to the size of the
internal state.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list