Prev: CFP DATA MINING 2010: new date - until 29 March 2010
Next: A link to a news on SSL
From: bmearns on 29 Mar 2010 08:47
On Mar 28, 8:25 pm, Maaartin <grajc...(a)seznam.cz> wrote:
[snip]
>
> Is there any reason against using some better iteration, I mean
> instead of
>
> key = hash(password + salt); manyTimes {key = hash(key);}
>
> using something like
>
> key = hash(password + salt); manyTimes {key = hash(key + password +
> salt);}
>
> or maybe (in order to get timings independent of the password length)
>
> key0 = hash(password + salt); key = key0; manyTimes {key = hash(key +
> key0);}

That's exactly what I was thinking, as well. As far as I can see, this
would retain the entropy of the key (more or less), but still
introduce significant cost to an attack. Is that an accurate
assessment?

-Brian
From: bmearns on 30 Mar 2010 08:35
Can you please stop hijacking this thread. Your conversation is only
loosely related to the original conversation and the only reason the
topic changed was because Paul Rubin hijacked it initially. It'd be
nice if you moved this to a separate thread.

Thanks,
-Brian
First  |  Prev  | 
Pages: 1 2 3
Prev: CFP DATA MINING 2010: new date - until 29 March 2010
Next: A link to a news on SSL