Joseph Ashwood writes:
On NetBSD HMAC-SHA1:
There is a shortcut in the design as listed, using the non-changing password
as the key allows for the optimization that a single HMAC can be keyed, then
copied and reused with each seed. This shortcut actually speeds attack by a
factor of 3. The
Martin James Cochran [EMAIL PROTECTED] writes:
This might work, although 90% of the steps seem to unnecessarily (and
perilously) complicate the algorithm. What's wrong with starting with input
SALT || PASSWORD and iterating N times, where N is chosen (but variable) to
make brute-force attacks
| ... What's wrong with starting
| with input SALT || PASSWORD and iterating N times,
|
| Shouldn't it be USERID || SALT || PASSWORD to guarantee that if
| two users choose the same password they get different hashes?
| It looks to me like this would make dictionary attacks harder too.
As
- Original Message -
From: Tero Kivinen [EMAIL PROTECTED]
Sent: Monday, October 15, 2007 5:47 AM
Subject: Re: Password hashing
Joseph Ashwood writes:
On NetBSD HMAC-SHA1:
There is a shortcut in the design as listed, using the non-changing
password
as the key allows
Just combining several of my thoughts into a single email.
On the Red Hat proposal:
Why does every undereducated person believe that complexity==security? It is
far better to rely on little things called proofs. There are several
proofs out there with significant impact on this. In particular
Steven M. Bellovin wrote:
On Thu, 11 Oct 2007 22:19:18 -0700
james hughes [EMAIL PROTECTED] wrote:
A proposal for a new password hashing based on SHA-256 or SHA-512 has
been proposed by RedHat but to my knowledge has not had any rigorous
analysis. The motivation for this is to replace MD-5
- Original Message -
From: Jim Gellman [EMAIL PROTECTED]
To: Joseph Ashwood [EMAIL PROTECTED]
Cc: Cryptography cryptography@metzdowd.com
Sent: Saturday, October 13, 2007 1:25 PM
Subject: Re: Password hashing
I'm not sure I follow your notation. Are you saying that IV[n] is the
n'th
This does not extend the discussion at hand, but it might be useful to
some here who may have to deal with FIPS 140-2.
On 13 Oct 2007 09:32:44 +1000, Damien Miller wrote:
Some comments:
* Use of an off-the-shelf algorithm like SHA1 might be nice for tick here
for FIPS certification, but
I forgot to add the links...
http://people.redhat.com/drepper/sha-crypt.html
http://people.redhat.com/drepper/SHA-crypt.txt
On Oct 11, 2007, at 10:19 PM, james hughes wrote:
A proposal for a new password hashing based on SHA-256 or SHA-512
has been proposed by RedHat but to my
On Thu, 11 Oct 2007 22:19:18 -0700
james hughes [EMAIL PROTECTED] wrote:
A proposal for a new password hashing based on SHA-256 or SHA-512 has
been proposed by RedHat but to my knowledge has not had any rigorous
analysis. The motivation for this is to replace MD-5 based password
hashing at
I would have thought PBKDF2 would be the obvious, standardized (PKCS
#5 / RFC 2898) and designed for purpose method to derive a key from a
password. PBKDF2 would typically be based on HMAC-SHA1.
Should be straight-forward to use PBKDF2 with HMAC-SHA-256 instead for
larger key sizes, or for