Password hashing
Adam Back
adam at cypherspace.org
Fri Oct 12 14:40:20 EDT 2007
I would have thought PBKDF2 would be the obvious, standardized (PKCS
#5 / RFC 2898) and designed for purpose method to derive a key from a
password. PBKDF2 would typically be based on HMAC-SHA1.
Should be straight-forward to use PBKDF2 with HMAC-SHA-256 instead for
larger key sizes, or for avoidance of SHA1 since the partial attacks
on it.
Adam
On Thu, Oct 11, 2007 at 10:19:18PM -0700, james hughes wrote:
> A proposal for a new password hashing based on SHA-256 or SHA-512 has
> been proposed by RedHat but to my knowledge has not had any rigorous
> analysis. The motivation for this is to replace MD-5 based password
> hashing at banks where MD-5 is on the list of "do not use" algorithms.
> I would prefer not to have the discussion "MD-5 is good enough for
> this algorithm" since it is not an argument that the customers
> requesting these changes are going to accept.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list