| Date: Sat, 13 Oct 2007 03:20:48 -0400 | From: Victor Duchovni [EMAIL PROTECTED] | To: firstname.lastname@example.org | Subject: Re: Quantum Crytography to be used for Swiss elections | | On Fri, Oct 12, 2007 at 11:04:15AM -0400, Leichter, Jerry wrote: | | No comment from me on the appropriateness.
Joseph Ashwood writes: On NetBSD HMAC-SHA1: There is a shortcut in the design as listed, using the non-changing password as the key allows for the optimization that a single HMAC can be keyed, then copied and reused with each seed. this shortcut actually speeds attack by a factor of 3. The
[EMAIL PROTECTED] said: I have two problems with this report. thanks for commenting on it. I pointed to it in order to see what denizens of this list might have to say about it. I'm simply curious. Also, as I'd noted, I haven't really seen any estimates of Storm's extent -- other than that
Martin James Cochran [EMAIL PROTECTED] writes: This might work, although 90% of the steps seem to unnecessarily (and perilously) complicate the algorithm. What's wrong with starting with input SALT || PASSWORD and iterating N times, where N is chosen (but variable) to make brute-force attacks
| ... What's wrong with starting | with input SALT || PASSWORD and iterating N times, | | Shouldn't it be USERID || SALT || PASSWORD to guarantee that if | two users choose the same password they get different hashes? | It looks to me like this wold make dictionary attacks harder too. As
- Original Message - From: Tero Kivinen [EMAIL PROTECTED] Sent: Monday, October 15, 2007 5:47 AM Subject: Re: Password hashing Joseph Ashwood writes: On NetBSD HMAC-SHA1: There is a shortcut in the design as listed, using the non-changing password as the key allows for the