What is the accepted way to derive several keys from a user-supplied input?
Or, can you see anything wrong by prepending a counter to the passphrase
and hashing it to create derived keys?
k_n = hash(n || passphrase)
I suppose a faster system would involve using hash(passphrase) as the
key and
First, I found this interesting site by John Savard which discusses
the various crypto designs since... well, since pencil and paper
systems. Notable is the detailed discussion of the declassified
SIGABA machine:
http://www.quadibloc.com/crypto/jscrypt.htm
Next, can anyone point me in the
--
Kuehn, Ulrich wrote:
However, this is the big problem with the TPM
according to the TCG spec. While you can remotely
verify that the system came up according to what you
installed there, you have no means to force it to
either come up the way you want, or to be in a clear
error
Hi all,
It occurred to me that there is a half-decent way to avoid weak keys in
algorithms when it is undesirable or impossible to prompt the user for a
different passphrase.
It is even field-upgradable if new weak keys are found.
Basically, instead of using the hash of the passphrase up front,
Adam Back wrote:
So the part about being able to detect viruses, trojans and attest
them between client-server apps that the client and server have a
mutual interest to secure is fine and good.
The bad part is that the user is not given control to modify the hash
and attest as if it were