RE: Protection against offline dictionary attack on static files

2003-11-16 Thread Arnold G. Reinhold
Jill's approach to key stretching is not quite the same as the traditional iterated hash. It imposes no cost at encryption time; you only have to work at decryption. This might be valuable when you want to save your files as the Gestapo is breaking down your door. I've been working on a

Re: Protection against offline dictionary attack on static files

2003-11-16 Thread Zooko Journeyman
Arcane Jill wrote:
> ... a way to make decryption more expensive ...
I think it is a neat idea. I think it is best understood as a kind of key-stretching akin to iterated hashing of a password, as in: Secure Applications of Low-Entropy Keys (1998) John Kelsey, Bruce Schneier, Chris Hall,

RE: Protection against offline dictionary attack on static files

2003-11-13 Thread Steve Wang
Check PKCS #5: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5/index.html
Steve
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Arcane Jill
Sent: Thursday, October 23, 2003 3:21 AM
To: [EMAIL PROTECTED]
Subject: Protection against offline dictionary

Re: Protection against offline dictionary attack on static files

2003-11-13 Thread Adam Back
Yes this is a good idea, and some people thought of it before also. Look for paper secure applications of low entropy keys or something like that by Schneier, Wagner et al. (on counterpane labs page I think). Also the PBKDF2 function defined in PKCS#5 used to convert the password into a key

Re: Protection against offline dictionary attack on static files

2003-11-13 Thread Ken Ballou
On Thu, Oct 23, 2003 at 08:20:35AM +0100, Arcane Jill wrote:
> Hi,
> It's possible I may be reinventing the wheel here,
Not really. You've just come down with a bad case of the PBEs. ;-) Take a look at PKCS #5 (here's a link to version 1.5: ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-5.asc).