> BTW, with respect to entropy reduction is there any explanation why
> PBKDFs from PKCS5 hash
>
>   password || seed || counter
>
> instead of
>
>   counter || seed || password
>
> and thus reduce all the entropy of the password to the size of the
> internal state.

In theory it's more efficient, as it lets you precalculate all but the last block of (password || salt). In practice, this is one of the situations where efficiency helps the attacker more than the implementer.

William

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
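
The precalculation mentioned in the reply, as an added example that is not part of the original message: with the password first, the hash state after the full blocks of (password || salt) is computed once and reused for every counter. It assumes SHA-256, a 4-byte big-endian counter, and a constructed password and salt; it is a simplified single-hash construction, not the PKCS #5 algorithms themselves, and the function names are hypothetical.

```python
import hashlib
import struct

BLOCK = 64  # SHA-256 compression-function block size in bytes


def blocks_for(msg_len: int) -> int:
    """Compression calls SHA-256 needs for msg_len bytes
    (padding adds one 0x80 byte plus an 8-byte length field)."""
    return (msg_len + 9 + BLOCK - 1) // BLOCK


def derive_naive(password: bytes, salt: bytes, n: int):
    """Hash password || salt || counter from scratch for counters 1..n."""
    out, cost = [], 0
    for i in range(1, n + 1):
        msg = password + salt + struct.pack(">I", i)
        out.append(hashlib.sha256(msg).digest())
        cost += blocks_for(len(msg))
    return out, cost


def derive_cached(password: bytes, salt: bytes, n: int):
    """Absorb password || salt once, then clone that state per counter."""
    prefix = password + salt
    state = hashlib.sha256(prefix)   # full prefix blocks are compressed once
    cached = len(prefix) // BLOCK    # blocks whose cost is paid a single time
    per_counter = blocks_for(len(prefix) + 4) - cached
    out = []
    for i in range(1, n + 1):
        h = state.copy()             # reuse the saved midstate
        h.update(struct.pack(">I", i))
        out.append(h.digest())
    # cost is a count of compression calls derived from lengths, not a timing
    return out, cached + n * per_counter


# Constructed sample input: 112-byte password + 16-byte salt = 2 full blocks.
PASSWORD = b"correct horse battery staple" * 4
SALT = bytes(range(16))

if __name__ == "__main__":
    naive, naive_cost = derive_naive(PASSWORD, SALT, 8)
    cached, cached_cost = derive_cached(PASSWORD, SALT, 8)
    print("outputs identical:", naive == cached)
    print("compression calls, naive vs cached:", naive_cost, cached_cost)
```

With counter || seed || password the password sits in the final blocks, so no password-dependent state is shared between counter values.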