Private Key Generation from Passwords/phrases

Alexander Klimov alserkli at
Tue Jan 30 11:56:12 EST 2007

On Sun, 28 Jan 2007, Steven M. Bellovin wrote:
> Beyond that, 60K doesn't make that much of a difference even with a
> traditional /etc/passwd file -- it's only an average factor of 15
> reduction in the attacker's workload.  While that's not trivial, it's
> also less than, say,  a one-character increase in average password
> length.  That said, the NetBSD HMAC-SHA1 password hash, where I had
> some input into the design, uses a 32-bit salt, because it's free.

In many cases the real goal is not to find all (or many) passwords,
but to find at least one, so one may concentrate on the most-oftenly
used salt. (Of course, with 60K passwords there is almost for sure at
least one "password1" or "Steven123" and thus the salts are


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list