Re: RELEASE: Secure Edit beta 0.5
At 5:18 PM 1/12/95, Tom Bryce wrote:
[. . .] * the salt is concatenated with MD5[passphrase] many times and this concatenated string hashed to generate the 'session key' for the file from your pass phrase. The number of times it is concatenated is calibrated to make it take about half a second - not a big performance loss, but it makes brute force attack of weak passphrases up to thousands of times more costly. [. . . .]
This is only going to work if MD5 is not a "group"--that is, if there is no simple algorithm which is equivalent to md5(md5(x)). I doubt that's been proven. Rather, you'd be better off using DES in any of the ways that Schneier describes (page 338 and following) and reiterate that many times.

b&

--
Ben.Goren@asu.edu, Arizona State University School of Music
Finger ben@tux.music.asu.edu for PGP public key ID 0xCFF23BD5.
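An added illustration, not part of the original thread and not Secure Edit's code: the concatenate-then-hash derivation from the quoted announcement next to the md5(md5(x)) composition the reply refers to, each with a count calibrated to about half a second. The function names, the salt-first ordering and the 8-byte salt are assumptions; the post does not specify them.

```python
import hashlib
import os
import time


def concat_key(passphrase: bytes, salt: bytes, count: int) -> bytes:
    """One MD5 over: salt followed by `count` copies of MD5(passphrase).

    Assumed ordering; the announcement only says the two are concatenated.
    """
    inner = hashlib.md5(passphrase).digest()
    h = hashlib.md5(salt)
    for _ in range(count):
        h.update(inner)  # streamed, so the long string is never held in memory
    return h.digest()


def iterated_key(passphrase: bytes, salt: bytes, count: int) -> bytes:
    """MD5 composed with itself `count` times, starting from salt || passphrase."""
    digest = salt + passphrase
    for _ in range(count):
        digest = hashlib.md5(digest).digest()
    return digest


def calibrate(derive, target_seconds: float = 0.5, start: int = 1024) -> int:
    """Double the count until one derivation takes at least target_seconds.

    Doubling can overshoot the target by up to 2x on the machine it runs on.
    """
    count = start
    while True:
        t0 = time.perf_counter()
        derive(b"calibration", b"\x00" * 8, count)
        if time.perf_counter() - t0 >= target_seconds:
            return count
        count *= 2


if __name__ == "__main__":
    salt = os.urandom(8)  # constructed sample salt, length is an assumption
    for fn in (concat_key, iterated_key):
        n = calibrate(fn)
        key = fn(b"constructed passphrase", salt, n)
        print(f"{fn.__name__}: count={n} key={key.hex()}")
```

The calibrated count has to be stored with the file alongside the salt, since a faster or slower machine would otherwise derive a different key.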