Re: 307 digit number factored

2007-10-13 Thread James A. Donald
| AFAIK, the only advantage of ECC is that the keys are | shorter. The disadvantage is that it isn't as well | studied. | James A. Donald: | On past performance, elliptic curves are safer than | integers. From time to time, integer based asymmetric | encryption is abruptly and

Re: Password hashing

2007-10-13 Thread Joseph Ashwood
Just combining several of my thoughts into a single email. On the Red Hat proposal: Why does every undereducated person believe that complexity==security? It is far better to rely on little things called proofs. There are several proofs out there with significant impact on this. In particular

Re: Password hashing

2007-10-13 Thread Ben Laurie
Steven M. Bellovin wrote: On Thu, 11 Oct 2007 22:19:18 -0700 james hughes [EMAIL PROTECTED] wrote: A proposal for a new password hashing based on SHA-256 or SHA-512 has been proposed by RedHat but to my knowledge has not had any rigorous analysis. The motivation for this is to replace MD-5

Re: Password hashing

2007-10-13 Thread Joseph Ashwood
- Original Message - From: Jim Gellman [EMAIL PROTECTED] To: Joseph Ashwood [EMAIL PROTECTED] Cc: Cryptography cryptography@metzdowd.com Sent: Saturday, October 13, 2007 1:25 PM Subject: Re: Password hashing I'm not sure I follow your notation. Are you saying that IV[n] is the n'th

Re: Password hashing

2007-10-13 Thread lists
This does not extend the discussion at hand, but it might be useful to some here who may have to deal with FIPS 140-2. On 13 Oct 2007 09:32:44 +1000, Damien Miller wrote: Some comments: * Use of an off-the-shelf algorithm like SHA1 might be nice for tick here for FIPS certification, but