Re: SHA-1 vs. triple-DES for password encryption?
From: Ben Laurie (ben@algroup.co.uk)
Date: 11/25/02
- Previous message: George Capehart: "Re: secprog Digest 18 Nov 2002 18:35:57 -0000 Issue 113"
- In reply to: Steffen Dettmer: "Re: SHA-1 vs. triple-DES for password encryption?"
- Next in thread: Sverre H. Huseby: "Re: SHA-1 vs. triple-DES for password encryption?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 25 Nov 2002 13:52:54 +0000 From: Ben Laurie <ben@algroup.co.uk> To: Steffen Dettmer <steffen@dett.de>
Steffen Dettmer wrote:
> * David Wagner wrote on Tue, Nov 12, 2002 at 17:11 +0000:
>
>>Craig Minton wrote:
>>
>>>2. 3DES may be used to create a one-way function by using the password
>>>to encrypt some standard data.
>>
>>Watch out. This will limit the length of allowable passwords to some
>>fixed upper bound -- maybe not a good idea.
>
>
> Why that? You can do hashing with 3DES-CBC mode and AFIAK it's
> sufficient to use the last output block.
Because the key is fixed size.
Cheers,
Ben.
-- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
- Next message: John Viega: "Re: Are bad developer libraries the problem with M$ software?"
- Previous message: George Capehart: "Re: secprog Digest 18 Nov 2002 18:35:57 -0000 Issue 113"
- In reply to: Steffen Dettmer: "Re: SHA-1 vs. triple-DES for password encryption?"
- Next in thread: Sverre H. Huseby: "Re: SHA-1 vs. triple-DES for password encryption?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
