Joseph Ashwood writes:
> On NetBSD HMAC-SHA1:
> There is a shortcut in the design as listed, using the non-changing password
> as the key allows for the optimization that a single HMAC can be keyed, then
> copied and reused with each seed. This shortcut actually speeds attack by a
> factor of 3.
- Original Message -
From: "Tero Kivinen" <[EMAIL PROTECTED]>
Sent: Monday, October 15, 2007 5:47 AM
Subject: Re: Password hashing
Joseph Ashwood writes:
> On NetBSD HMAC-SHA1:
> There is a shortcut in the design as listed, using the non-changing password
> as the key allows for the optimi
[EMAIL PROTECTED] said:
> I have two problems with this report.
Thanks for commenting on it. I pointed to it in order to see what denizens of
this list might have to say about it. I'm simply curious.
Also, as I'd noted, I haven't really seen any estimates of Storm's extent --
other than that a
| Date: Sat, 13 Oct 2007 03:20:48 -0400
| From: Victor Duchovni <[EMAIL PROTECTED]>
| To: cryptography@metzdowd.com
| Subject: Re: Quantum Crytography to be used for Swiss elections
|
| On Fri, Oct 12, 2007 at 11:04:15AM -0400, Leichter, Jerry wrote:
|
| > No comment from me on the appropriatenes
| > ... What's wrong with starting
| > with input SALT || PASSWORD and iterating N times,
|
| Shouldn't it be USERID || SALT || PASSWORD to guarantee that if
| two users choose the same password they get different hashes?
| It looks to me like this would make dictionary attacks harder too.
As
Martin James Cochran <[EMAIL PROTECTED]> writes:
>This might work, although 90% of the steps seem to unnecessarily (and
>perilously) complicate the algorithm. What's wrong with starting with input
>SALT || PASSWORD and iterating N times, where N is chosen (but variable) to
>make brute-force attac