"Arnold G. Reinhold" <[EMAIL PROTECTED]>:
> There are two problems with iterating hash algorithms like MD5 and SHA1 for
> this purpose.
[adding delay to authentication]
> First they are faster in hardware than in software. All
> those non-linear functions that take several instructions on a general
> purpose CPU can execute as a single step in custom silicon.
> Second, the hash algorithms can be implemented in hardware on very modest
> chip real estate, well under 100,000 gates I would guess. Your basic low
> end PC or iMac has, maybe, half a billion gates inside. If you can weave
> even 10% of those gates into your hash, massively parallel attacks become
> much harder.
From memory, Rivest and Wagner have a paper on crypto time locks where
repeated squaring is reckoned to be incapable of much parallel computing.
I think I got it from Rivest's web site in mid-1997.
--
##############################################################
# Antonomasia [EMAIL PROTECTED] #
# See http://www.notatla.demon.co.uk/ #
##############################################################
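
The repeated-squaring delay mentioned in the reply above, sketched as an added example that is not part of the original message: the solver must perform t squarings in sequence, while whoever knows the factors of n can shortcut through phi(n). The function names, the base a=2 and the demo modulus are assumptions chosen for illustration.

```python
import secrets
from math import gcd

# Constructed demo modulus: two publicly known Mersenne primes, so this n
# keeps nothing secret. A real puzzle would use large random secret primes.
P = 2**89 - 1
Q = 2**107 - 1
N = P * Q


def make_puzzle(key, t, a=2):
    """Creator: mask `key` with a^(2^t) mod N, using the phi(N) shortcut."""
    if not (0 <= key < N) or gcd(a, N) != 1:
        raise ValueError("key must be in [0, N) and a must be coprime to N")
    phi = (P - 1) * (Q - 1)
    e = pow(2, t, phi)      # reduce the huge exponent 2^t modulo phi(N)
    b = pow(a, e, N)        # cost depends on the size of phi(N), not on t
    return {"n": N, "a": a, "t": t, "ck": (key + b) % N}


def solve_puzzle(puzzle):
    """Solver: without the factors of n, do t squarings one after another.

    Each squaring needs the previous result, so extra hardware cannot
    split the chain into independent pieces.
    """
    n = puzzle["n"]
    x = puzzle["a"] % n
    for _ in range(puzzle["t"]):
        x = x * x % n
    return (puzzle["ck"] - x) % n


if __name__ == "__main__":
    key = secrets.randbelow(N)
    puzzle = make_puzzle(key, t=200_000)
    print("recovered key matches:", solve_puzzle(puzzle) == key)
```
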