hashes on restricted domains: random functions or permutations?
Travis H.
solinym at gmail.com
Tue Oct 17 20:13:11 EDT 2006
So I was reading about the OTP system (based on S/Key) described in RFC 2289.
It basically hashes a secret several times (with salt to individualize
it) and stores
the value that the correct password will hash to.
Now my question is, if we restrict ourselves to, say, 160-bit inputs, is SHA-1
a permutation, or do collisions exist? If there are collisions, then iterating
the hash could lead to fewer possible values each time, potentially converging
on a set of inputs that form a permutation and are closed under composition.
Is that correct? What are the expected sizes of such sets?
Is it worth worrying about?
--
"The obvious mathematical breakthrough would be the development of an
easy way to factor large prime numbers.'' [sic] -- Bill Gates -><-
<URL:http://www.subspacefield.org/~travis/>
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list