passphrases with more than 160 bits of entropy

Whyte, William WWhyte at ntru.com
Wed Mar 22 10:14:21 EST 2006


> BTW, with respect to entropy reduction is there any explanation why
> PBKDFs from PKCS5 hash
> 
>  password || seed || counter
> 
> instead of
> 
>  counter || seed || password
> 
> and thus reduce all the entropy of the password to the size of the
> internal state.

In theory it's more efficient, as it lets you precalculate
all but the last block of (password || salt). In practice,
this is one of the situations where efficiency helps the
attacker more than the implementer.

William
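
The precalculation described above, as an added example that is not part of the original post. It uses SHA-1 and the simplified single-hash construction from the quoted question (not the full PKCS5 iteration). The 256-byte password, 8-byte salt, 4-byte big-endian counter and all function names are constructed for illustration.

```python
import hashlib

BLOCK = 64  # SHA-1 absorbs input in 64-byte blocks; chaining state is 160 bits

# Constructed sample inputs (assumptions, not from the post).
PASSWORD = bytes(range(256))          # 4 full SHA-1 blocks of passphrase
SALT = b"\x01\x02\x03\x04\x05\x06\x07\x08"

def ctr(counter: int) -> bytes:
    return counter.to_bytes(4, "big")

def sha1_blocks(n: int) -> int:
    """Compression calls for an n-byte message (0x80 pad byte + 8-byte length)."""
    return (n + 9 + BLOCK - 1) // BLOCK

def password_first(password: bytes, salt: bytes, counter: int) -> bytes:
    return hashlib.sha1(password + salt + ctr(counter)).digest()

def counter_first(password: bytes, salt: bytes, counter: int) -> bytes:
    return hashlib.sha1(ctr(counter) + salt + password).digest()

def midstate(password: bytes):
    """Absorb the password once. After its full blocks, everything later
    depends on the password only through the 160-bit chaining state."""
    return hashlib.sha1(password)

def password_first_cached(mid, salt: bytes, counter: int) -> bytes:
    h = mid.copy()                    # reuse the absorbed password blocks
    h.update(salt + ctr(counter))
    return h.digest()

def work(password_len: int, salt_len: int, n_outputs: int):
    """(password-first with cached midstate, counter-first) compression calls.
    Counter-first puts a varying prefix before the password, so the
    password blocks are reprocessed for every (salt, counter)."""
    per_output = sha1_blocks(password_len + salt_len + 4)
    full = password_len // BLOCK      # password blocks absorbed once
    cached = full + n_outputs * (per_output - full)
    return cached, n_outputs * per_output

if __name__ == "__main__":
    mid = midstate(PASSWORD)
    same = all(password_first_cached(mid, SALT, i) == password_first(PASSWORD, SALT, i)
               for i in range(1, 6))
    print("cached midstate reproduces password-first output:", same)
    print("compression calls for 1000 outputs (cached, counter-first):",
          work(len(PASSWORD), len(SALT), 1000))
```
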

---------------------------------------------------------------------
The Cryptography Mailing List