Password hashing
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Sun Oct 14 01:48:53 EDT 2007
Martin James Cochran <Martin.Cochran at Colorado.EDU> writes:
>This might work, although 90% of the steps seem to unnecessarily (and
>perilously) complicate the algorithm. What's wrong with starting with input
>SALT || PASSWORD and iterating N times, where N is chosen (but variable) to
>make brute-force attacks take longer?
Or just use PBKDF2, RFC 2898. It does what's required, has been vetted by
cryptographers, is an IETF standard, has free implementations available, ...
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
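Added example, not part of the original message or of any implementation it mentions: PBKDF2 as defined in RFC 2898 section 5.2, written out with HMAC as the PRF, followed by a salted password record with a variable iteration count built on Python's hashlib.pbkdf2_hmac. The record layout, the function names and the default iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

DEFAULT_COUNT = 100_000  # assumed work factor; raise it as hardware gets faster


def pbkdf2(prf_name, password, salt, count, dklen):
    """PBKDF2 per RFC 2898 section 5.2, with HMAC-<prf_name> as the PRF."""
    hlen = hashlib.new(prf_name).digest_size
    nblocks = -(-dklen // hlen)  # ceil(dklen / hlen)
    out = []
    for i in range(1, nblocks + 1):
        # U_1 = PRF(P, S || INT(i)), U_j = PRF(P, U_{j-1}), T_i = U_1 ^ ... ^ U_c
        u = hmac.new(password, salt + struct.pack(">I", i), prf_name).digest()
        t = int.from_bytes(u, "big")
        for _ in range(count - 1):
            u = hmac.new(password, u, prf_name).digest()
            t ^= int.from_bytes(u, "big")
        out.append(t.to_bytes(hlen, "big"))
    return b"".join(out)[:dklen]


def make_record(password, count=DEFAULT_COUNT):
    """Return 'pbkdf2-sha256$count$salt$hash' (hypothetical storage layout)."""
    salt = os.urandom(16)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, count, 32)
    return f"pbkdf2-sha256${count}${salt.hex()}${dk.hex()}"


def verify_record(password, record):
    """Recompute with the stored salt and count; compare in constant time."""
    try:
        scheme, count, salt_hex, dk_hex = record.split("$")
        salt, want = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        count = int(count)
    except ValueError:
        return False  # malformed record
    if scheme != "pbkdf2-sha256" or count < 1 or not want:
        return False
    got = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, count, len(want))
    return hmac.compare_digest(got, want)


if __name__ == "__main__":
    rec = make_record("correct horse battery staple")
    print(rec)
    print(verify_record("correct horse battery staple", rec))
```

Because the iteration count travels with each record, it can be raised for new passwords without invalidating existing ones.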