Password hashing

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Oct 14 01:48:53 EDT 2007


Martin James Cochran <Martin.Cochran at Colorado.EDU> writes:

>This might work, although 90% of the steps seem to unnecessarily (and
>perilously) complicate the algorithm.  What's wrong with starting with input
>SALT || PASSWORD and iterating N times, where N is chosen (but variable) to
>make brute-force attacks take longer?

Or just use PBKDF2, RFC 2898.  It does what's required, has been vetted by
cryptographers, is an IETF standard, has free implementations available, ...

Peter.
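
The following is an added example, not part of the original message or thread: PBKDF2 written out from the RFC 2898 section 5.2 definition (HMAC as the PRF) so it can be checked against Python's built-in hashlib.pbkdf2_hmac, followed by salted hash and verify helpers. The record format "pbkdf2-sha256$iterations$salt$hash" and the default iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import struct


def pbkdf2(password: bytes, salt: bytes, iterations: int, dklen: int,
           hash_name: str = "sha256") -> bytes:
    """PBKDF2 per RFC 2898 section 5.2, using HMAC-<hash_name> as the PRF."""
    hlen = hashlib.new(hash_name).digest_size
    blocks = -(-dklen // hlen)  # ceil(dklen / hlen)
    out = b""
    for i in range(1, blocks + 1):
        # U_1 = PRF(P, S || INT(i)); U_j = PRF(P, U_{j-1})
        u = hmac.new(password, salt + struct.pack(">I", i), hash_name).digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hash_name).digest()
            t ^= int.from_bytes(u, "big")  # T_i = U_1 xor U_2 xor ... xor U_c
        out += t.to_bytes(hlen, "big")
    return out[:dklen]


def hash_password(password: str, iterations: int = 600_000) -> str:
    """Return a storable record. The iteration count is an assumed default;
    tune it to the verification latency your hardware can afford."""
    salt = os.urandom(16)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Hypothetical record format: the stored N lets it be raised later.
    return f"pbkdf2-sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and N; compare in constant time."""
    scheme, iters, salt_hex, dk_hex = record.split("$")
    if scheme != "pbkdf2-sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))
```

Storing the iteration count with the salt keeps N variable, as the quoted message asks, without changing the algorithm.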

---------------------------------------------------------------------
The Cryptography Mailing List