Thinking out loud: one reason why PBKDF2 requires the original password is so that you don't repeatedly hash the same thing and end up in a "short cycle", where e.g. hash(x) = x. At that point, repeated iterations don't do anything.
I just realized, you don't necessarily need to put the original password in; you could just hash something else that varies to keep it out of a short cycle; for example, the round number. This would allow you to update an iteration count post-facto without knowing the original password. Would it break any security goals?

-- 
http://www.subspacefield.org/~travis/
"We are all puppets; I am just a puppet who can see the strings." -- Dr. Manhattan
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
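The two constructions discussed above, as an added example in Python (not code from the post or from any PBKDF2 implementation). The first function is PBKDF2's own block function F from RFC 8018 section 5.2, checked against the standard library: the password is the HMAC key in every round, so the chain cannot be advanced without it. The second is one concrete reading of the proposal, with assumptions: HMAC-SHA256 as the PRF, the password used once to seed U_0, each later round hashing the previous value together with the big-endian round number, and the output taken to be the final chain value (not PBKDF2's XOR-sum of all U_i) so that a stored value plus its round count is all that is needed to keep iterating. The variant and its function names are constructed for this example and are not a standardized scheme.

```python
"""PBKDF2's password-keyed chain vs. a round-counter chain that can be
extended without the password.

Added example, not the post's code.  Assumptions: HMAC-SHA256 as the PRF,
a single derived block (dkLen <= 32), and for the password-free variant the
output is the final chain value rather than PBKDF2's XOR-sum of all U_i.
"""
import hashlib
import hmac
import struct


def pbkdf2_block(password: bytes, salt: bytes, rounds: int, block_index: int = 1) -> bytes:
    """PBKDF2 F(P, S, c, i) from RFC 8018 section 5.2, one 32-byte block.

    Every round re-uses the password as the HMAC key:
        U_1 = PRF(P, S || INT(i)),  U_j = PRF(P, U_{j-1}),  T = U_1 ^ ... ^ U_c
    so only a holder of P can compute the next U_j from the previous one.
    """
    u = hmac.new(password, salt + struct.pack(">I", block_index), hashlib.sha256).digest()
    t = bytearray(u)
    for _ in range(rounds - 1):
        u = hmac.new(password, u, hashlib.sha256).digest()
        t = bytearray(a ^ b for a, b in zip(t, u))
    return bytes(t)


def reference_pbkdf2(password: bytes, salt: bytes, rounds: int) -> bytes:
    """Standard-library PBKDF2-HMAC-SHA256, 32 bytes, used only to cross-check."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, rounds, 32)


def counter_chain_init(password: bytes, salt: bytes) -> bytes:
    """U_0 for the hypothetical variant: the password is used exactly once, up front."""
    return hmac.new(password, salt, hashlib.sha256).digest()


def counter_chain_extend(state: bytes, start_round: int, end_round: int) -> bytes:
    """Advance the variant's chain from start_round to end_round.

    The varying input is the round number, not the password:
        U_j = SHA256(U_{j-1} || INT(j))
    so a stored (state, round count) pair can be pushed to a higher count
    later by anyone holding it, which is the post-facto update being asked about.
    """
    u = state
    for j in range(start_round + 1, end_round + 1):
        u = hashlib.sha256(u + struct.pack(">I", j)).digest()
    return u


def counter_chain(password: bytes, salt: bytes, rounds: int) -> bytes:
    """Full derivation of the variant from scratch, for comparison with extend()."""
    return counter_chain_extend(counter_chain_init(password, salt), 0, rounds)


if __name__ == "__main__":
    pw, salt = b"password", b"salt"          # constructed sample inputs
    assert pbkdf2_block(pw, salt, 4096) == reference_pbkdf2(pw, salt, 4096)
    stored = counter_chain(pw, salt, 1000)   # what a verifier would keep on disk
    # Raise the cost from 1000 to 5000 rounds using only the stored value.
    assert counter_chain_extend(stored, 1000, 5000) == counter_chain(pw, salt, 5000)
    print("PBKDF2 block matches hashlib; counter chain extends without the password")
```

The second assertion is the mechanical heart of the proposal: the stored value at 1000 rounds, extended by 4000 more rounds with no knowledge of the password, equals a fresh derivation at 5000 rounds. The same operation is impossible for `pbkdf2_block`, because each of its rounds needs the password as the HMAC key. Note also that whoever can perform the extension is exactly whoever holds the stored value, so the scheme removes the password from the per-round work rather than from the stored state.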
