Travis H. wrote:
So I was reading about the OTP system (based on S/Key) described in RFC
2289.
It basically hashes a secret several times (with salt to individualize
it) and stores
the value that the correct password will hash to.
Now my question is, if we restrict ourselves to, say,
At 19:13 -0500 2006/10/17, Travis H. wrote:
So I was reading about the OTP system (based on S/Key) described in RFC 2289.
It basically hashes a secret several times (with salt to individualize
it) and stores
the value that the correct password will hash to.
Now my question is, if we restrict
Travis H. wrote:
So I was reading about the OTP system (based on S/Key) described in RFC
2289.
It basically hashes a secret several times (with salt to individualize
it) and stores
the value that the correct password will hash to.
Now my question is, if we restrict ourselves to, say, 160-bit
On Wed, Oct 18, 2006 at 12:00:41AM -0400, Victor Duchovni wrote:
Hash functions are supposed to be pseudo-random. For a 160 bit hash In
an input set of 2^80 elements we should expect to find a collision...
If we iterate from a random starting point we expect to enter a cycle
of length ~2^79
So I was reading about the OTP system (based on S/Key) described in RFC 2289.
It basically hashes a secret several times (with salt to individualize
it) and stores
the value that the correct password will hash to.
Now my question is, if we restrict ourselves to, say, 160-bit inputs, is SHA-1
a