| ...One sometimes sees claims that increasing the salt size is important.
| That's very far from clear to me. A collision in the salt between
| two entries in the password file lets you try each guess against two
| users' entries. Since calculating the guess is the hard part,
| that's a savings
On Jan 19, 2007, at 4:06 AM, Bill Stewart wrote:
[...] if you're trying to protect against KGB-skilled attacks [...]
On the other hand, if you're trying to protect against
lower-skilled attackers, [...]
I always find these arguments particularly frustrating.
By slowly raising the bar for
On Jan 18, 2007, at 6:57 PM, Saqib Ali wrote:
When is the last time you checked the code for the open source app
that you "use", to make sure that it is written properly?
30 seconds ago.
What mode is it using? How much information is encrypted under a
single key. Was the implementation FI
The IEEE P1619 standard group has dropped LRW mode. It has a
vulnerability that that are collisions that will divulge the mixing
key which will reduce the mode to ECB.
There are new mode, XTS-AES being drafted. At this time no one has
claimed that XTS-AES is patented encumbered. There is a