passphrases with more than 160 bits of entropy
Whyte, William
WWhyte at ntru.com
Wed Mar 22 10:14:21 EST 2006
> BTW, with respect to entropy reduction is there any explanation why
> PBKDFs from PKCS5 hash
>
> password || seed || counter
>
> instead of
>
> counter || seed || password
>
> and thus reduce all the entropy of the password to the size of the
> internal state.
In theory it's more efficient, as it lets you precalculate
all but the last block of (password || salt). In practice,
this is one of the situations where efficiency helps the
attacker more than the implementer.
William
---------------------------------------------------------------------
The Cryptography Mailing List
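
The precomputation described in the reply above, as an added example that is not part of the original message. It uses a simplified single-hash stand-in for the PKCS #5 construction and assumes SHA-1, an 8-byte salt and a 4-byte big-endian counter. The function names and sample values are constructed for illustration.

```python
import hashlib
import struct

SHA1_BLOCK = 64  # bytes consumed per SHA-1 compression call


def derive_naive(password, salt, n_blocks):
    """Hash password || salt || counter from scratch for every counter."""
    return [hashlib.sha1(password + salt + struct.pack(">I", c)).digest()
            for c in range(1, n_blocks + 1)]


def derive_midstate(password, salt, n_blocks):
    """Absorb password || salt once, then clone that state per counter."""
    prefix = hashlib.sha1(password + salt)
    out = []
    for c in range(1, n_blocks + 1):
        h = prefix.copy()              # reuse the state after the shared prefix
        h.update(struct.pack(">I", c))
        out.append(h.digest())
    return out


def padded_blocks(msg_len):
    """Compression calls for one SHA-1 message (1 pad byte + 8 length bytes)."""
    return (msg_len + 9 + SHA1_BLOCK - 1) // SHA1_BLOCK


def compression_calls(pw_len, salt_len, n_blocks, reuse_prefix):
    """Count compression calls with or without reuse of the prefix state."""
    total = padded_blocks(pw_len + salt_len + 4)
    if not reuse_prefix:
        return n_blocks * total
    shared = (pw_len + salt_len) // SHA1_BLOCK   # whole blocks of the prefix
    return shared + n_blocks * (total - shared)


if __name__ == "__main__":
    password = b"correct horse battery staple " * 7   # constructed, 203 bytes
    salt = b"\x01\x02\x03\x04\x05\x06\x07\x08"        # constructed salt
    assert derive_naive(password, salt, 4) == derive_midstate(password, salt, 4)
    print("from scratch:", compression_calls(len(password), len(salt), 4, False))
    print("prefix reused:", compression_calls(len(password), len(salt), 4, True))
```

With counter || seed || password the first block differs for every counter, so no hash state is shared between counters and every output block costs the full number of compression calls.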