Message Hash: 66525a5ba6e79435f2e07f54359dfd7ed28de64ff337e016528783fd3c804433
Message ID: <199407041555.IAA01229@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1994-07-04 15:51:04 UTC
Raw Date: Mon, 4 Jul 94 08:51:04 PDT
From: email@example.com Date: Mon, 4 Jul 94 08:51:04 PDT To: firstname.lastname@example.org Subject: No Subject Message-ID: <199407041555.IAA01229@jobe.shell.portal.com> MIME-Version: 1.0 Content-Type: text/plain I have followed with interest this discussion of passphrase "entropy". What I'm not clear on is the effect of a hashing algorithm on the final entropy. If I come up with a "random" set of printable characters which contain 128 bits of entropy, and feed them to MD5, let's say, will I still have 128 bits of entropy on the output? Or do I need some sort of safety margin above 128 bits to "be sure"? What's lurking in the back of my mind is this -- if you enter something with LESS than 128 bits, the hashing algorithm has to "pad" or otherwise fill in the missing bits from <somewhere>. Now if I have entered a phrase with EXACTLY 128 bits of entropy, hypothetically, is that enough to have flushed the padding or whatever out of the pipeline? Can we really treat MD5 as a "magic black box", or does the optimal input require a knowledge of how the box works? .
Return to July 1994
Return to “email@example.com (Timothy C. May)”