-----BEGIN PGP SIGNED MESSAGE-----
Ben Laurie wrote:
>
> OK, so if I've got a passphrase of arbitrary length, and I wish to
> condense it to make a key of length n bits (n > 160), what's the
> approved method(s) of doing that?
>
> I assume it goes without saying that we wish to preserve as much entropy
> as we can, but I'll say it anyway.
>
Long ago, I had the same problem, and after much discussion about
preserving entropy, I formulated (for Photuris):
H(s,p1) || H(s,s,p2) || H(s,s,s,p3) ...
Thus, the entropy from secret (s) is reintroduced in every hash.
The MD padding (p) has a count of the number of bits (better than a
leading counter).
The code is easy and pretty efficient (just copy the intermediate
result before xxxFinal).
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1
iQCVAwUBOU7o49m/qMj6R+sxAQG0vAP9FuERLONf4dhDMgZuRROcoChVNisIkVw8
c/dhZtsicot5DDM7Rl2tUcu1uTePQ35Bj19Wf8/MBePYtqAP4J7DU3YRLsYmKCh+
2vcQLQCInoJ9cDyXr5m8ywUj/2u6GFVjofbmG8/uxV6qekqs2LE0mohXeDCL8MVd
oSpNcQdUF1k=
=TMlr
-----END PGP SIGNATURE-----
