On Tue, 21 Mar 2006, Travis H. wrote: > Does anyone have a good idea on how to OWF passphrases without > reducing them to lower entropy counts? That is, I've seen systems > which hash the passphrase then use a PRF to expand the result --- I > don't want to do that. I want to have more than 160 bits of entropy > involved.
If you want 512 bits use SHA-512. > I was thinking that one could hash the first block, copy the > intermediate state, finalize it, then continue the intermediate result > with the next block, and finalize that. Is this safe? Is there a > better alternative? What about dividing passphrase into blocks and hash them separately -- if the size of a block is the same as the hash output's size entropy reduction should be minimal. BTW, with respect to entropy reduction is there any explanation why PBKDFs from PKCS5 hash password || seed || counter instead of counter || seed || password and thus reduce all the entropy of the password to the size of the internal state. -- Regards, ASK --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]