On Tue, 21 Mar 2006, Travis H. wrote:
> Does anyone have a good idea on how to OWF passphrases without
> reducing them to lower entropy counts?  That is, I've seen systems
> which hash the passphrase then use a PRF to expand the result --- I
> don't want to do that.  I want to have more than 160 bits of entropy
> involved.

If you want 512 bits use SHA-512.

> I was thinking that one could hash the first block, copy the
> intermediate state, finalize it, then continue the intermediate result
> with the next block, and finalize that.  Is this safe?  Is there a
> better alternative?

What about dividing the passphrase into blocks and hashing them
separately -- if the size of a block is the same as the hash output's
size, entropy reduction should be minimal.

BTW, with respect to entropy reduction, is there any explanation why
PBKDFs from PKCS5 hash

 password || seed || counter

instead of

 counter || seed || password

and thus reduce all the entropy of the password to the size of the
internal state?


The Cryptography Mailing List
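Added example, not part of the original message or of PKCS #5: the copy-the-intermediate-state idea from the quoted question and the two input orderings from the reply, written with Python's `hashlib`. SHA-1 (matching the 160-bit figure in the thread), the 64-byte block size, the 4-byte big-endian counter, the sample inputs and all function names are assumptions made for illustration.

```python
import hashlib
import struct

BLOCK = 64  # SHA-1 input block size in bytes (assumed block length)


def chained_finalize(passphrase: bytes, block: int = BLOCK) -> bytes:
    """Absorb one block, finalize a copy of the state, continue with the original."""
    h = hashlib.sha1()
    out = []
    for i in range(0, len(passphrase), block):
        h.update(passphrase[i:i + block])
        out.append(h.copy().digest())  # finalizes the copy only; h keeps running
    return b"".join(out)


def password_first(password: bytes, seed: bytes, blocks: int) -> bytes:
    """password || seed || counter, absorbing the password only once."""
    # Every output block below is computed from a copy of this one hash state.
    state = hashlib.sha1(password)
    out = []
    for counter in range(1, blocks + 1):
        h = state.copy()
        h.update(seed + struct.pack(">I", counter))
        out.append(h.digest())
    return b"".join(out)


def counter_first(password: bytes, seed: bytes, blocks: int) -> bytes:
    """counter || seed || password: each output block re-absorbs the whole password."""
    return b"".join(
        hashlib.sha1(struct.pack(">I", c) + seed + password).digest()
        for c in range(1, blocks + 1)
    )


# Constructed sample input, not taken from the thread.
PASSPHRASE = b"correct horse battery staple " * 5  # 145 bytes, so 3 blocks
SEED = b"constructed-seed"

if __name__ == "__main__":
    print(chained_finalize(PASSPHRASE).hex())
    print(password_first(PASSPHRASE, SEED, 2).hex())
    print(counter_first(PASSPHRASE, SEED, 2).hex())
```

`password_first` returns exactly what hashing the full `password || seed || counter` string would for each counter, which makes the shared post-password state visible; `counter_first` has no such shared state after the password.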