passphrases with more than 160 bits of entropy

Whyte, William WWhyte at
Wed Mar 22 10:14:21 EST 2006

> BTW, with respect to entropy reduction is there any explanation why
> PBKDFs from PKCS5 hash
>  password || seed || counter
> instead of
>  counter || seed || password
> and thus reduce all the entropy of the password to the size of the
> internal state.

In theory it's more efficient, as it lets you precalculate
all but the last block of (password || salt). In practice,
this is one of the situations where efficiency helps the
attacker more than the implementer.
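
The precalculation described above, as an added example that is not part of the original message. It uses a simplified single-pass hash(password || seed || counter) rather than the actual PKCS #5 algorithms, and it assumes SHA-1, a 4-byte big-endian counter, and a constructed 200-byte passphrase. The function names and the arithmetic count of compression-function calls are illustrative.

```python
import hashlib

BLOCK = hashlib.sha1().block_size  # SHA-1 compresses 64-byte blocks


def blocks(n):
    """Compression calls SHA-1 makes for an n-byte message
    (padding adds one 0x80 byte plus an 8-byte length field)."""
    return (n + 9 + BLOCK - 1) // BLOCK


def ctr(i):
    return i.to_bytes(4, "big")  # assumed counter encoding


def derive_naive(password, seed, count):
    """hash(password || seed || counter), rehashing everything each time."""
    out = [hashlib.sha1(password + seed + ctr(i)).digest() for i in range(count)]
    return out, count * blocks(len(password) + len(seed) + 4)


def derive_cached(password, seed, count):
    """Same outputs: absorb (password || seed) once, then copy that state."""
    prefix = password + seed
    mid = hashlib.sha1(prefix)       # full prefix blocks are compressed here
    done = len(prefix) // BLOCK      # calls paid once, shared by every counter
    out, calls = [], done
    for i in range(count):
        h = mid.copy()               # resume from the cached state
        h.update(ctr(i))
        out.append(h.digest())
        calls += blocks(len(prefix) + 4) - done
    return out, calls


def derive_counter_first(password, seed, count):
    """hash(counter || seed || password): the varying field comes first,
    so no prefix state is shared between counters."""
    out = [hashlib.sha1(ctr(i) + seed + password).digest() for i in range(count)]
    return out, count * blocks(4 + len(seed) + len(password))


if __name__ == "__main__":
    pw, seed = b"x" * 200, b"S" * 8  # constructed sample inputs
    for f in (derive_naive, derive_cached, derive_counter_first):
        print(f.__name__, f(pw, seed, 1000)[1], "compression calls")
```

The saving is available to anyone who evaluates the function repeatedly for one password, whether deriving keys or testing candidates.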

