1994-07-04 - No Subject

Header Data

From: nobody@shell.portal.com
To: cypherpunks@toad.com
Message Hash: 66525a5ba6e79435f2e07f54359dfd7ed28de64ff337e016528783fd3c804433
Message ID: <199407041555.IAA01229@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1994-07-04 15:51:04 UTC
Raw Date: Mon, 4 Jul 94 08:51:04 PDT

Raw message

From: nobody@shell.portal.com
Date: Mon, 4 Jul 94 08:51:04 PDT
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <199407041555.IAA01229@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain

I have followed with interest this discussion of passphrase
"entropy".  What I'm not clear on is the effect of a hashing 
algorithm on the final entropy.  If I come up with a "random" set 
of printable characters which contain 128 bits of entropy, and 
feed them to MD5, let's say, will I still have 128 bits of 
entropy on the output?  Or do I need some sort of safety margin 
above 128 bits to "be sure"?

What's lurking in the back of my mind is this -- if you enter 
something with LESS than 128 bits, the hashing algorithm has to 
"pad" or otherwise fill in the missing bits from <somewhere>.  
Now if I have entered a phrase with EXACTLY 128 bits of entropy, 
hypothetically, is that enough to have flushed the padding or 
whatever out of the pipeline?

Can we really treat MD5 as a "magic black box", or does the 
optimal input require a knowledge of how the box works?