RELEASE: Secure Edit beta 0.5

Ben.Goren at asu.edu Ben.Goren at asu.edu
Thu Jan 12 17:33:12 PST 1995


At 5:18 PM 1/12/95, Tom Bryce wrote:
>[. . .]
>* the salt is concatenated with MD5[passphrase] many times and this
>concatenated string hashed to generate the 'session key' for the file
>from your pass phrase. The number of times it is concatenated is
>calibrated to make it take about half a second - not a big performance
>loss, but it makes brute force attack of weak passphrases up to
>thousands of times more costly.
>[. . . .]

This is only going to work if MD5 is not a "group"--that is, if there is no
simple algorithm which is equivalent to md5(md5(x)). I doubt that's been
proven.

Rather, you'd be better off using DES in any of the ways that Schneier
describes (page 338 and following) and reiterate that many times.

b&

--
Ben.Goren at asu.edu, Arizona State University School of Music
 Finger ben at tux.music.asu.edu for PGP public key ID 0xCFF23BD5.
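
The key-stretching scheme quoted above, sketched in Python as an added example; it is not code from Secure Edit or from either poster. The byte layout (repeated copies of salt || MD5(passphrase)), the 8-byte salt, the doubling calibration and all function names are assumptions; PBKDF2 from the standard library is included only as an iterated construction for comparison.

```python
import hashlib
import os
import time

def stretch_concat(passphrase: bytes, salt: bytes, repeats: int) -> bytes:
    """MD5 over `repeats` copies of salt || MD5(passphrase).

    Assumed reading of the quoted description; the real layout may differ.
    """
    unit = salt + hashlib.md5(passphrase).digest()
    h = hashlib.md5()
    for _ in range(repeats):
        h.update(unit)  # stream the copies instead of building one long string
    return h.digest()   # 16-byte 'session key'

def calibrate(target_seconds: float = 0.5, start: int = 1024) -> int:
    """Double the repeat count until one derivation takes at least the target."""
    salt = os.urandom(8)  # constructed salt, used only for timing
    repeats = start
    while True:
        t0 = time.perf_counter()
        stretch_concat(b"calibration passphrase", salt, repeats)
        if time.perf_counter() - t0 >= target_seconds:
            return repeats
        repeats *= 2

def stretch_pbkdf2(passphrase: bytes, salt: bytes, iterations: int) -> bytes:
    """Iterated construction for comparison: each round depends on the last."""
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, iterations, dklen=16)

if __name__ == "__main__":
    n = calibrate()
    salt = os.urandom(8)
    # The repeat count and the salt must be stored with the file:
    # both are needed to re-derive the same key from the passphrase.
    key = stretch_concat(b"example passphrase", salt, n)
    print(f"repeats={n} salt={salt.hex()} key={key.hex()}")
```

The calibrated count reflects the machine it was measured on, so a guesser with faster hardware pays less per guess than the half second measured locally.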







