Thanks for the in-depth reply Chris. Sometimes we are not in a position to solve systemic problems; our boss comes to us and says, "hey, what should we use for the passwords, knowing that we'll never be able to get all our users to log in again?" And it gets you thinking. Sure, there may be other weak points that could be addressed by someone with a bigger scope and responsibility, but sometimes you just try to come up with the best solution you can for your little niche, so that it's not the weakest link (not just now, but until it is replaced - which I generally want to be as far in the future as is feasible).
It seems there are a few technical answers:

0) Use an invertible function. Not really a solution IMHO.

1) Use a really big hash and deal with state reduction caused by the fact that it is a random function, and thus not likely to be injective (one-to-one).

2) Use a one-way permutation instead of a one-way random function as the center of your PBKDF2-style thingamabob. Really all you need is for it to be injective, but if it's not surjective (onto), you end up with bigger outputs than inputs, so it seems reasonable to make it length-preserving (bijective).

I see lots of theory on OWPs but not much practical stuff - with the exception of most PK relying on OWPs (namely, generators). I wonder if there are more efficient non-trapdoor OWPs. Technically, having it take a bit in the forward direction could be okay, as long as it's not vastly too long for the application, and inverting isn't feasible, since the whole point of using the thingamabob in the first place is to slow down brute force attacks.

--
I find your ideas intriguing and would like to subscribe to your newsletter.
My emails do not have attachments; it's a digital signature that your mail program doesn't understand. | http://www.subspacefield.org/~travis/
If you are a spammer, please email j...@subspacefield.org to get blacklisted.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
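The state reduction mentioned in options 1) and 2) of the message above can be measured on a toy domain; this is an added example, not part of the original message. It assumes a 12-bit state space, uses truncated SHA-256 as a stand-in for a random function, and uses a small Feistel network as a stand-in for a permutation (it is bijective but not one-way, so it models only the injectivity property).

```python
import hashlib

BITS = 12        # constructed toy domain: small enough to enumerate every state
N = 1 << BITS

def random_function(x: int) -> int:
    """SHA-256 truncated to BITS bits: behaves like a random function on the domain."""
    digest = hashlib.sha256(x.to_bytes(2, "big")).digest()
    return int.from_bytes(digest[:2], "big") % N

def permutation(x: int) -> int:
    """4-round Feistel network over BITS bits: bijective by construction.
    NOT one-way (Feistel is easy to invert); it only models injectivity."""
    half = BITS // 2
    mask = (1 << half) - 1
    left, right = x >> half, x & mask
    for rnd in range(4):
        f = hashlib.sha256(bytes([rnd, right])).digest()[0] & mask
        left, right = right, left ^ f
    return (left << half) | right

def image_sizes(step, iterations: int) -> list:
    """Count the distinct states still reachable after each iteration of `step`,
    starting from the full domain."""
    states = set(range(N))
    sizes = []
    for _ in range(iterations):
        states = {step(s) for s in states}
        sizes.append(len(states))
    return sizes

if __name__ == "__main__":
    print("iter  random_fn  permutation")
    rows = zip(image_sizes(random_function, 10), image_sizes(permutation, 10))
    for i, (rf, pm) in enumerate(rows, 1):
        print(f"{i:4d}  {rf:9d}  {pm:11d}")
```

The random-function column shrinks with every iteration because collisions merge states, while the permutation column stays at the full domain size.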