What is the accepted way to derive several keys from a user-supplied input?

Or, can you see anything wrong by prepending a counter to the passphrase
and hashing it to create derived keys?

k_n = hash(n || passphrase)

I suppose a faster system would involve using hash(passphrase) as the
key and encrypting a counter (assuming that hashes are slower than
block ciphers).

k_n = E(hash(passphrase), n)

Both seem vulnerable to dictionary attacks, and it's not immediately clear
to me how I could prevent them, or if that's even possible.

Terry Ritter suggested using CRCs over the passphrase, but I haven't really
analyzed that method at all.

Any opinions?
--
Enhance your calm, fellow citizen; it's just ones and zeroes.
Unix "guru" for rent or hire -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to