1994-07-06 - Re: Secure Drive insecure? NOT

Header Data

From: Roger Bryner <bryner@atlas.chem.utah.edu>
To: Mike Ingle <MIKEINGLE@delphi.com>
Message Hash: 818a175f8b6734af245b581d3b7015784cd6a15ca8c41c361a16efcb57c7e179
Message ID: <Pine.3.89.9407061121.A17510-0100000@atlas.chem.utah.edu>
Reply To: <01HEDB6B0KIQ8Y70EA@delphi.com>
UTC Datetime: 1994-07-06 17:42:32 UTC
Raw Date: Wed, 6 Jul 94 10:42:32 PDT

Raw message

From: Roger Bryner <bryner@atlas.chem.utah.edu>
Date: Wed, 6 Jul 94 10:42:32 PDT
To: Mike Ingle <MIKEINGLE@delphi.com>
Subject: Re: Secure Drive insecure? NOT
In-Reply-To: <01HEDB6B0KIQ8Y70EA@delphi.com>
Message-ID: <Pine.3.89.9407061121.A17510-0100000@atlas.chem.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 6 Jul 1994, Mike Ingle wrote:
> BZZZT! Read the code...
>   MD5Update(&md5buf,pass1,strlen(pass1));   <----------| I wonder what
Gee, thanks for leting me play, do I get a consolation prize?:-)

Let me think, I still don't see any proof that this does not loose 
entropy, and it could, as if the two parts are not independent of each other.

As soon as you start making a feedback machene, you have no guarentee 
that this is a maximal unless there is no state that is imediatly 
preceeded by two other states.

Simply throwing a lot of stuff at a password is no substitute for a proof 
that the transformation does not loose entropy, which is available if you 
use an encryption algorithim for the last 1023 transformations, and a 
hash function only for the first one.

Sorry to be a pain.

Roger.





Thread