Travis H. wrote:
So I was reading about the OTP system (based on S/Key) described in RFC
2289.
It basically hashes a secret several times (with salt to individualize
it) and stores
the value that the correct password will hash to.
Now my question is, if we restrict ourselves to, say, 160-bit inputs, is
SHA-1
a permutation, or do collisions exist? If there are collisions, then
iterating
the hash could lead to fewer possible values each time, potentially
converging
on a set of inputs that form a permutation and are closed under
composition.
Is that correct?
Yes.
What are the expected sizes of such sets?
More relevant is how many iterations it takes to get to a significantly
smaller set.
Is it worth worrying about?
No.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]