> BTW, with respect to entropy reduction is there any explanation why
> PBKDFs from PKCS5 hash
>  password || seed || counter
> instead of
>  counter || seed || password
> and thus reduce all the entropy of the password to the size of the
> internal state.

In theory it's more efficient, as it lets you precalculate
all but the last block of (password || salt). In practice,
this is one of the situations where efficiency helps the
attacker more than the implementer.
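
The precalculation described in the reply above, as an added example that is not part of the original thread. It assumes SHA-1 as the hash, a 4-byte big-endian counter and a single hash pass per output block (a simplification, not the full PKCS #5 iteration); all names and sample values are constructed for illustration.

```python
import hashlib

BLOCK = 64  # SHA-1 compression-function block size in bytes


def derive_direct(password, salt, n_blocks):
    """Hash password || salt || counter from scratch for every counter."""
    return [hashlib.sha1(password + salt + i.to_bytes(4, "big")).digest()
            for i in range(1, n_blocks + 1)]


def derive_cached(password, salt, n_blocks):
    """Absorb password || salt once, then clone that state per counter."""
    prefix = hashlib.sha1(password + salt)
    out = []
    for i in range(1, n_blocks + 1):
        h = prefix.copy()              # reuse the precalculated prefix state
        h.update(i.to_bytes(4, "big"))
        out.append(h.digest())
    return out


def compression_calls(prefix_len, n_blocks, cached):
    """Count SHA-1 compression calls needed by either strategy."""
    # Message = prefix + 4-byte counter, plus 0x80 pad byte and 8-byte length.
    per_msg = (prefix_len + 4 + 9 + BLOCK - 1) // BLOCK
    if not cached:
        return n_blocks * per_msg
    shared = prefix_len // BLOCK       # full prefix blocks, processed once
    return shared + n_blocks * (per_msg - shared)


if __name__ == "__main__":
    # Constructed sample input: a long passphrase and a 16-byte salt.
    password = b"correct horse battery staple " * 6 + b"pad-pad-10"  # 184 bytes
    salt = bytes(range(16))
    assert derive_direct(password, salt, 8) == derive_cached(password, salt, 8)
    n = len(password) + len(salt)
    print("direct:", compression_calls(n, 8, cached=False), "compression calls")
    print("cached:", compression_calls(n, 8, cached=True), "compression calls")
```

The saving is available to anyone computing the function, so each password guess costs a guesser the cached figure rather than the direct one.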


