From: Ben.Goren@asu.edu
To: cypherpunks@toad.com
Message Hash: ccc6caa0eac8bb1197d0b9d9bc6cca15c203c1e91439204a59e268ea22700fb6
Message ID: <v02110101ab3b85b46606@[129.219.97.131]>
Reply To: N/A
UTC Datetime: 1995-01-13 01:33:12 UTC
Raw Date: Thu, 12 Jan 95 17:33:12 PST
From: Ben.Goren@asu.edu
Date: Thu, 12 Jan 95 17:33:12 PST
To: cypherpunks@toad.com
Subject: Re: RELEASE: Secure Edit beta 0.5
Message-ID: <v02110101ab3b85b46606@[129.219.97.131]>
MIME-Version: 1.0
Content-Type: text/plain
At 5:18 PM 1/12/95, Tom Bryce wrote:
>[. . .]
>* the salt is concatenated with MD5[passphrase] many times and this
>concatenated string hashed to generate the 'session key' for the file
>from your pass phrase. The number of times it is concatenated is
>calibrated to make it take about half a second - not a big performance
>loss, but it makes brute force attack of weak passphrases up to
>thousands of times more costly.
>[. . . .]
This is only going to work if MD5 is not a "group"--that is, if there is no
simple algorithm which is equivialent to md5(md5(x)). I doubt that's been
proven.
Rather, you'd be better off using DES in any of the ways that Schneir
describes (page 338 and following) and reiterate that many times.
b&
--
Ben.Goren@asu.edu, Arizona State University School of Music
Finger ben@tux.music.asu.edu for PGP public key ID 0xCFF23BD5.
Return to January 1995
Return to “Ben.Goren@asu.edu”
1995-01-13 (Thu, 12 Jan 95 17:33:12 PST) - Re: RELEASE: Secure Edit beta 0.5 - Ben.Goren@asu.edu