Steven M. Bellovin wrote:
> On Thu, 11 Oct 2007 22:19:18 -0700
> james hughes <[EMAIL PROTECTED]> wrote:
>
>> A proposal for a new password hashing based on SHA-256 or SHA-512 has
>> been proposed by RedHat but to my knowledge has not had any rigorous
>> analysis. The motivation for this is to replace MD-5 based password
>> hashing at banks where MD-5 is on the list of "do not use"
>> algorithms. I would prefer not to have the discussion "MD-5 is good
>> enough for this algorithm" since it is not an argument that the
>> customers requesting these changes are going to accept.
>>
> NetBSD uses iterated HMAC-SHA1, where the password is the key and the
> salt is the initial plaintext. (This is my design but not my
> implementation.)

+1 to iterated HMAC-xxx, where xxx is a cryptographic hash of your
choosing. Easy to implement, hard to get wrong, somewhat understood
security properties.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
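
The construction discussed in this message (password as the HMAC key, salt as the initial plaintext, iterated), as an added example that is not part of the original post and is not NetBSD's code. Feeding each HMAC output back in as the next message, the `$`-separated record layout, the default iteration count and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Hashes accepted when parsing a stored record (assumed allow-list).
ALLOWED_DIGESTS = {"sha1", "sha256", "sha512"}


def iterated_hmac(password: bytes, salt: bytes, iterations: int,
                  digest: str = "sha1") -> bytes:
    """HMAC keyed with the password; the salt is the first message and
    every later round MACs the previous round's output (assumed chaining)."""
    if digest not in ALLOWED_DIGESTS:
        raise ValueError(f"unsupported digest: {digest}")
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    block = salt
    for _ in range(iterations):
        block = hmac.new(password, block, digest).digest()
    return block


def make_record(password: str, iterations: int = 20000,
                digest: str = "sha256") -> str:
    """Build a storable record: digest$iterations$salt_hex$tag_hex
    (constructed layout, not any system's real passwd format)."""
    salt = os.urandom(16)  # fresh random salt per password
    tag = iterated_hmac(password.encode("utf-8"), salt, iterations, digest)
    return f"{digest}${iterations}${salt.hex()}${tag.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the tag from the record's parameters and compare it
    in constant time."""
    digest, iterations, salt_hex, tag_hex = record.split("$")
    actual = iterated_hmac(password.encode("utf-8"), bytes.fromhex(salt_hex),
                           int(iterations), digest)
    return hmac.compare_digest(actual, bytes.fromhex(tag_hex))


if __name__ == "__main__":
    rec = make_record("correct horse")  # constructed sample password
    print(rec)
    print(verify("correct horse", rec), verify("wrong guess", rec))
```

Storing the digest name and iteration count in the record lets the work factor or hash be changed later without invalidating existing entries.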
