Re: SHA-1 vs. triple-DES for password encryption?

From: Ben Laurie (ben@algroup.co.uk)
Date: 11/25/02

  • Next message: John Viega: "Re: Are bad developer libraries the problem with M$ software?"
    Date: Mon, 25 Nov 2002 13:52:54 +0000
    From: Ben Laurie <ben@algroup.co.uk>
    To: Steffen Dettmer <steffen@dett.de>
    
    

    Steffen Dettmer wrote:
    > * David Wagner wrote on Tue, Nov 12, 2002 at 17:11 +0000:
    >
    >>Craig Minton wrote:
    >>
    >>>2. 3DES may be used to create a one-way function by using the password
    >>>to encrypt some standard data.
    >>
    >>Watch out. This will limit the length of allowable passwords to some
    >>fixed upper bound -- maybe not a good idea.
    >
    >
    > Why that? You can do hashing with 3DES-CBC mode and AFIAK it's
    > sufficient to use the last output block.

    Because the key is fixed size.

    Cheers,

    Ben.

    -- 
    http://www.apache-ssl.org/ben.html       http://www.thebunker.net/
    "There is no limit to what a man can do or how far he can go if he
    doesn't mind who gets the credit." - Robert Woodruff