Hey, quick question. If one wants to have multiple keys, but for ease-of-use considerations want to only have the user enter one, is there a preferred way to derive multiple keys that, while not independent, are "computationally independent"?
I was thinking of hashing the passphrase with a unique string for each one; is this sufficient? If sufficient, is a cryptographically strong hash necessary? I got a clarification about the "use CRCs to process passphrase" idea someone mentioned. The salient bit is that he was using several CRCs (not sure if it's random or carefully chosen), and each one is run on the passphrase, and the output of all of them concatenated to initialize a PRNG seed. The passphrase and seed are both secret, so according to him there's no need to use a cryptographically strong hash, and CRCs have a well-understood mathematical basis. I presume this would be insufficient for deriving independent keys, but perhaps there is a way to do that with careful selection of the CRC polys? -- The driving force behind innovation is sublimation. -><- <URL:http://www.subspacefield.org/~travis/> For a good time on my UBE blacklist, email [EMAIL PROTECTED]
Description: PGP signature