On Fri, Aug 5, 2016 at 12:07 PM, stef <s...@ctrlc.hu> wrote: > is the best one can do in such situations a naive: > > H0 = password > H_n = hash(H_n-1, device unique salt), 1<=n<max_iterations
contrary to the popular beliefs, this is actually perfectly safe. but if you want to avoid comment storm, you can opt for pbkdf2. with keccak, you can do it even easier: keccak(pwd || salt || etc || 0000..n..0000) which is practically absorbing the password and stuff, and then doing a lot of keccak-f permutations. you can also consider keccak-f[200], which is byte based. it practically supports 96 bit security level. it also has the upside that you can avoid comment storm by referring to a lecture the keccak team gave, in which they briefly present this idea. this assumes i can find it again, it was on youtube. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography