Re: SHA-1 vs. triple-DES for password encryption?

From: Ben Laurie (
Date: 11/25/02

  • Next message: John Viega: "Re: Are bad developer libraries the problem with M$ software?"
    Date: Mon, 25 Nov 2002 13:52:54 +0000
    From: Ben Laurie <>
    To: Steffen Dettmer <>

    Steffen Dettmer wrote:
    > * David Wagner wrote on Tue, Nov 12, 2002 at 17:11 +0000:
    >>Craig Minton wrote:
    >>>2. 3DES may be used to create a one-way function by using the password
    >>>to encrypt some standard data.
    >>Watch out. This will limit the length of allowable passwords to some
    >>fixed upper bound -- maybe not a good idea.
    > Why that? You can do hashing with 3DES-CBC mode and AFIAK it's
    > sufficient to use the last output block.

    Because the key is fixed size.



    "There is no limit to what a man can do or how far he can go if he
    doesn't mind who gets the credit." - Robert Woodruff