Re: SHA-1 vs. triple-DES for password encryption?

From: Ben Laurie (ben@algroup.co.uk)
Date: 11/25/02

  • Next message: John Viega: "Re: Are bad developer libraries the problem with M$ software?"
    Date: Mon, 25 Nov 2002 13:52:54 +0000
    From: Ben Laurie <ben@algroup.co.uk>
    To: Steffen Dettmer <steffen@dett.de>
    
    

    Steffen Dettmer wrote:
    > * David Wagner wrote on Tue, Nov 12, 2002 at 17:11 +0000:
    >
    >>Craig Minton wrote:
    >>
    >>>2. 3DES may be used to create a one-way function by using the password
    >>>to encrypt some standard data.
    >>
    >>Watch out. This will limit the length of allowable passwords to some
    >>fixed upper bound -- maybe not a good idea.
    >
    >
    > Why that? You can do hashing with 3DES-CBC mode and AFIAK it's
    > sufficient to use the last output block.

    Because the key is fixed size.

    Cheers,

    Ben.

    -- 
    http://www.apache-ssl.org/ben.html       http://www.thebunker.net/
    "There is no limit to what a man can do or how far he can go if he
    doesn't mind who gets the credit." - Robert Woodruff
    


    Relevant Pages

    • Re: SHA-1 vs. triple-DES for password encryption?
      ... >to encrypt some standard data. ... Watch out. ... You omitted the fact that it may be better to avoid using passwords ...
      (SecProg)
    • Re: SHA-1 vs. triple-DES for password encryption?
      ... > Craig Minton wrote: ... >>to encrypt some standard data. ...
      (SecProg)
    • Re: simple text encrypt / decrypt
      ... Anyone have a simple VBScript that will take input and ... > encrypt it and/or decrypt it? ... Watch for word-wrap. ...
      (microsoft.public.scripting.vbscript)
    • Re: OT: Securing your P2P Questions
      ... Is forcing your P2P program to encrypt its data sessions actually worthwhile? ... On a slightly different but related note, and the reason I decided to post this, has anyone here watched the series Reaper? ... Reaper has been cancelled, so if you don't mind series that don't really have an "ending", its an okay one to watch. ...
      (comp.sys.ibm.pc.games.rpg)
    • Your Boss Is Keeping A Watch On Your Emails!!!
      ... Your Boss Is Keeping A Watch On Your Emails!!! ... Find out why and how you should encrypt your confidential emails before ... in my website ...
      (alt.politics)