Re: Hashing methods for giant keys

From: AE (hidden@nospam.com)
Date: 03/23/03


From: AE <hidden@nospam.com>
Date: Sun, 23 Mar 2003 21:54:01 +0100

lurker wrote:
> ...
> The entropy in an 80 character passphrase would be largely wasted if
> hashed to a single 56 bit DES keyspace.
>
> How many unique output hash results can there be in the digest of SHA
> 512?

There are (quite obviously) 2^512 possible output values - this is a
number with 154 decimal digits.

A passphrase of 80 characters is likely to consist of plain English (or
whatever language you are using) text - or it consists of random
characters that are written down, which means you are in trouble anyway.

English text contains about 1.4 bits of entropy per character - which
means your 80 characters can be compressed to about 112 bits without
losing strength of the resulting key.

In this case the 128-bit output of MD5 is by far sufficient.

As long as your passphrase is not longer than 300 characters, SHA-512 or
Whirlpool will be good enough.

Anyway if you are bothered about a key of only 128 bit you are expecting
problems at the wrong place: There are always other, easier ways to
break your system than running a brute-force-attack on a 128 bit key.

> I am assuming that long strings are parsed into equal length input
> segments before hashing. Could you use eight MD5 digests in place of
> one SHA 512 digest to create an equivalent compound key?

In case you have to fill a larger buffer with key-material you can
always re-hash your password using the last output as starting value.

AE
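
The buffer-filling approach from the last paragraph of the post above, as an added example that is not part of the original post. It assumes "using the last output as starting value" means hashing the previous digest concatenated with the passphrase; the function names and the sample passphrase are constructed for illustration.

```python
import hashlib

BITS_PER_CHAR = 1.4  # the post's estimate for English text


def chained_key_material(passphrase: bytes, length: int,
                         hash_name: str = "sha512") -> bytes:
    """Fill `length` bytes by re-hashing: block_i = H(block_{i-1} || passphrase).

    The first block is H(passphrase). The concatenation order is an
    assumption; the post does not specify it.
    """
    if not passphrase:
        raise ValueError("empty passphrase")
    if length < 0:
        raise ValueError("length must be non-negative")
    out = bytearray()
    prev = b""
    while len(out) < length:
        prev = hashlib.new(hash_name, prev + passphrase).digest()
        out += prev
    return bytes(out[:length])


def strength_bound_bits(n_chars: int, digest_bits: int) -> float:
    """Upper bound on key strength: the passphrase's estimated entropy,
    capped by the size of the digest (or key) it is squeezed through.
    Chaining more blocks lengthens the buffer but never raises this bound."""
    return min(n_chars * BITS_PER_CHAR, digest_bits)


if __name__ == "__main__":
    # Constructed sample passphrase, not taken from the thread.
    phrase = b"an ordinary english sentence used only as sample input here"
    key = chained_key_material(phrase, 200)  # 200 bytes from 64-byte digests
    print(len(key), key[:16].hex())
    # The post's cases: DES key, MD5 digest, SHA-512 digest.
    for n_chars, bits, name in [(80, 56, "DES key"), (80, 128, "MD5"),
                                (300, 512, "SHA-512")]:
        bound = strength_bound_bits(n_chars, bits)
        print(f"{n_chars} chars through {name}: at most {bound:.0f} bits")
```
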


