Re: password derived key
From: Alan (a__l__a__n_at_hotmail.com)
Date: 04/13/05
- Next message: rleone_at_hotmail.com: "Re: Confused"
- Previous message: Jean-Luc Cooke: "Re: Crypto Mini-FAQ"
- In reply to: Alan: "Re: password derived key"
- Next in thread: mike: "Re: password derived key"
- Reply: mike: "Re: password derived key"
- Reply: Paul Rubin: "Re: password derived key"
Date: Wed, 13 Apr 2005 16:06:03 -0400
One more thing...
"mike" wrote:
> I would still
> think using hash of user chosen message is a better way like hash("my
> #nam#e #is # al#an") with '#' after every 3 characters is a better key
> when considering basic dictionary attacks.
You're relying on a secret algorithm in addition to a secret key. The
secret algorithm (not so secret anymore since it is posted on this forum!)
is like a very simplistic hash function applied to the secret key. It is
commonly accepted (per Kerckhoffs's Principle) that you should not rely on
secrecy of anything other than the key itself for security of a
cryptosystem, assuming the use of a sound crypto algorithm.
So you should focus your attention on the original choice of the pass
phrase, not on applying subsequent secret transformations to the pass
phrase. That's what the diceware approach does. It's not the only way, but
I know of none that is better. Now, remembering those diceware pass phrases
is another matter....
Alan
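
The argument in the message above, as an added example that is not part of the original post: once the marker rule is public, a dictionary search costs exactly as many guesses with it as without it, while the strength of a diceware phrase can be computed directly. SHA-256, the function names and the candidate list are assumptions made for illustration.

```python
import hashlib
import math

def insert_marker(phrase, marker="#", every=3):
    """The rule as worded in the quoted post: a marker after every 3 characters."""
    chunks = [phrase[i:i + every] for i in range(0, len(phrase), every)]
    return marker.join(chunks)

def derive_key(phrase, transform=None):
    """Hash the (optionally transformed) phrase; SHA-256 stands in for the unnamed hash."""
    material = transform(phrase) if transform else phrase
    return hashlib.sha256(material.encode("utf-8")).digest()

def work_factor(target_key, candidates, transform=None):
    """Guesses spent before a candidate matches the key, or None if none does."""
    for count, candidate in enumerate(candidates, start=1):
        if derive_key(candidate, transform) == target_key:
            return count
    return None

def diceware_bits(word_count, list_size=7776):
    """Entropy of a phrase of uniformly random words from a list of list_size words."""
    return word_count * math.log2(list_size)

# Constructed sample dictionary; a real one is only longer, not different in kind.
CANDIDATES = ["hello world", "my name is bob", "my name is alan", "letmein"]

def compare(phrase="my name is alan"):
    """Return (guesses without the marker rule, guesses with the known rule)."""
    plain = work_factor(derive_key(phrase), CANDIDATES)
    marked = work_factor(derive_key(phrase, insert_marker), CANDIDATES, insert_marker)
    return plain, marked

if __name__ == "__main__":
    plain, marked = compare()
    print("guesses without marker rule:", plain)
    print("guesses with known marker rule:", marked)
    # The rule is deterministic and one-to-one, so it maps the dictionary onto
    # a set of the same size: no candidate is added and none is removed.
    print("distinct transformed candidates:",
          len({insert_marker(c) for c in CANDIDATES}), "of", len(CANDIDATES))
    for n in (4, 5, 6):
        print(f"{n} diceware words: {diceware_bits(n):.1f} bits")
```
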