| Date: Sat, 13 Oct 2007 03:20:48 -0400
| From: Victor Duchovni [EMAIL PROTECTED]
| To: cryptography@metzdowd.com
| Subject: Re: Quantum Crytography to be used for Swiss elections
|
| On Fri, Oct 12, 2007 at 11:04:15AM -0400, Leichter, Jerry wrote:
|
| No comment from me on the appropriateness.
Joseph Ashwood writes:
On NetBSD HMAC-SHA1:
There is a shortcut in the design as listed, using the non-changing password
as the key allows for the optimization that a single HMAC can be keyed, then
copied and reused with each seed. This shortcut actually speeds attack by a
factor of 3. The
[EMAIL PROTECTED] said:
I have two problems with this report.
Thanks for commenting on it. I pointed to it in order to see what denizens of
this list might have to say about it. I'm simply curious.
Also, as I'd noted, I haven't really seen any estimates of Storm's extent --
other than that
Martin James Cochran [EMAIL PROTECTED] writes:
This might work, although 90% of the steps seem to unnecessarily (and
perilously) complicate the algorithm. What's wrong with starting with input
SALT || PASSWORD and iterating N times, where N is chosen (but variable) to
make brute-force attacks
| ... What's wrong with starting
| with input SALT || PASSWORD and iterating N times,
|
| Shouldn't it be USERID || SALT || PASSWORD to guarantee that if
| two users choose the same password they get different hashes?
| It looks to me like this would make dictionary attacks harder too.
As
- Original Message -
From: Tero Kivinen [EMAIL PROTECTED]
Sent: Monday, October 15, 2007 5:47 AM
Subject: Re: Password hashing
Joseph Ashwood writes:
On NetBSD HMAC-SHA1:
There is a shortcut in the design as listed, using the non-changing
password
as the key allows for the