A variant on this question that we might see for lots of questions
soon: what's the best way to do this given only AES as a primitive?

Here's a simple way that uses all of the passphrase to control a
cryptographic PRNG that can be used to generate keys or whatever: use
the passphrase as the key to the block cipher, and run it in counter
mode.

If the passphrase is less than 256 bits (32 characters), this works
directly.  If it's less than 64 characters, use Triple-AES.  In
general, I assume that to use a key n times longer than the native key
length of the block cipher, you need to run it in 2n-1 mode; I'm
pretty sure this is so if the meet-in-the-middle attack is the only
one you have to worry about.  Append a 1 bit to the passphrase, then
fill to the next key boundary with zeroes as usual.

This takes O(mn) time, where n is the passphrase length and m is the
number of key bits you need.  I suspect any good solution will have
this property.  Still, you only have to keyschedule n times and things
should be pretty fast after that.

Any thoughts on the security or efficiency of this proposal?
-- 
  __
\/ o\ [EMAIL PROTECTED]   *NOTE NEW EMAIL ADDRESS* \ /
/\__/ Paul Crowley   http://www.cluefactory.org.uk/paul/ /~\

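The construction sketched in the post, written out as an added example; this is illustrative code, not Paul Crowley's own, and it uses only the AES block cipher from Go's standard library. Assumptions not fixed by the post: the native key length is taken as AES-256 (32 bytes); the 2n-1 layers are keyed k1..kn..k1 (palindromic, every layer encrypting); the counter is a 64-bit big-endian integer starting at zero in the low half of the block, with no salt or nonce. The passphrases in main are constructed samples.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// AESKeyLen is the native key length of AES-256 in bytes (the "256 bits" of the post).
const AESKeyLen = 32

// PadPassphrase appends a single 1 bit (as the byte 0x80) and then zero bytes
// until the next multiple of AESKeyLen, following the post's padding rule.
func PadPassphrase(pass []byte) []byte {
	out := make([]byte, 0, len(pass)+AESKeyLen)
	out = append(out, pass...)
	out = append(out, 0x80)
	for len(out)%AESKeyLen != 0 {
		out = append(out, 0)
	}
	return out
}

// LayerCount is 2n-1, where n is the number of AESKeyLen chunks in the
// padded passphrase: 1 layer up to 31 bytes, 3 layers up to 63, 5 up to 95, ...
func LayerCount(pass []byte) int {
	return 2*(len(PadPassphrase(pass))/AESKeyLen) - 1
}

// Cascade is the 2n-1 layer block cipher. The layer order k1..kn..k1 with
// every layer encrypting is this example's assumption; the post fixes only
// the layer count, not the order or an encrypt/decrypt pattern.
type Cascade struct {
	layers []cipher.Block
}

func NewCascade(pass []byte) (*Cascade, error) {
	padded := PadPassphrase(pass)
	n := len(padded) / AESKeyLen
	// The key schedule runs once per chunk (n times), as the post notes.
	keyed := make([]cipher.Block, n)
	for i := range keyed {
		b, err := aes.NewCipher(padded[i*AESKeyLen : (i+1)*AESKeyLen])
		if err != nil {
			return nil, err
		}
		keyed[i] = b
	}
	layers := make([]cipher.Block, 0, 2*n-1)
	layers = append(layers, keyed...) // k1 .. kn
	for i := n - 2; i >= 0; i-- {     // k(n-1) .. k1
		layers = append(layers, keyed[i])
	}
	return &Cascade{layers: layers}, nil
}

// EncryptBlock applies every layer in turn to one 16-byte block.
func (c *Cascade) EncryptBlock(dst, src []byte) {
	copy(dst, src)
	for _, l := range c.layers {
		l.Encrypt(dst, dst)
	}
}

// DeriveKeyMaterial runs the cascade in counter mode and returns m bytes:
// output block i is the cascade applied to a block holding the 64-bit
// big-endian counter i. There is no salt or nonce, exactly as in the post.
func DeriveKeyMaterial(pass []byte, m int) ([]byte, error) {
	c, err := NewCascade(pass)
	if err != nil {
		return nil, err
	}
	out := make([]byte, 0, m+aes.BlockSize)
	var ctr, blk [aes.BlockSize]byte
	for i := uint64(0); len(out) < m; i++ {
		binary.BigEndian.PutUint64(ctr[8:], i)
		c.EncryptBlock(blk[:], ctr[:])
		out = append(out, blk[:]...)
	}
	return out[:m], nil
}

func main() {
	// Constructed sample passphrases: one under 32 bytes, one over.
	for _, p := range []string{"correct horse battery staple", "a 33-character passphrase, here!!"} {
		km, err := DeriveKeyMaterial([]byte(p), 48)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%d layer(s) for %q\n  key material: %s\n",
			LayerCount([]byte(p)), p, hex.EncodeToString(km))
	}
}
```

Each output block costs 2n-1 AES block operations, so m bytes of key material cost O(mn) as the post says, with the n key schedules paid once up front. For a passphrase under 32 bytes the cascade collapses to plain AES-256 in counter mode, so block 0 is just the padded key applied to the all-zero block.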