Password hashing

Peter Gutmann pgut001 at
Sun Oct 14 01:48:53 EDT 2007

Martin James Cochran <Martin.Cochran at Colorado.EDU> writes:

>This might work, although 90% of the steps seem to unnecessarily (and
>perilously) complicate the algorithm.  What's wrong with starting with input
>SALT || PASSWORD and iterating N times, where N is chosen (but variable) to
>make brute-force attacks take longer?

Or just use PBKDF2, RFC 2898.  It does what's required, has been vetted by
cryptographers, is an IETF standard, has free implementations available, ...

