Re: my KDF vs dictionary attacks
Antony Clements wrote:
"Bryan Olson" wrote:
David Eather wrote:
To anyone else: Seriously, I want some feedback. Was what I posted too difficult / confused / obscure etc. to be useful? Yes, my email address if you prefer.

Giving a specific answer to a gibbering question is tricky business.
When the OP wrote, "the salt has 1 requirement, it must encrypt into a 32 character string, no more and no less, this means that the salt has a minimum of 5 digits and a maximum of 20 digits," did you understand what he meant? I sure didn't.

Some encryption systems will give a larger output if the input is larger than a certain criterion. For example, Twofish will encrypt a 5 character string into a 32 character output string,

Twofish encrypts a 16-byte plaintext block to produce a 16-byte ciphertext block (16 'octets' for the formalists, or 128 bits). Various modes of operation apply Twofish to other sizes. What that has to do with your salt issue is unclear.

and it will do this as long as the input string is no more than 20 characters. It's not rocket science to figure out that different size inputs to a given algorithm will give different sized outputs.

What a mess.

I have even taken the salting out of the users' hands by generating a random value which is encrypted with Twofish and appended to the end of the ciphertext for the program to use in decryption... this is why the output string of the encrypted salt needs to be a set size.

The encrypted salt is used in decryption how? Under what key was it encrypted? Are there other keys involved that you forgot to specify?

Try defining your KDF clearly. A KDF takes secret data, non-secret data which includes a length parameter, and produces a key of the given length.


--
--Bryan
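To make Bryan's definition concrete (a KDF takes secret data plus non-secret data including a length parameter, and produces a key of the given length), here is an added example that is not code from any poster in this thread. It uses PBKDF2-HMAC-SHA256 from the Python standard library as a stand-in construction; the function names, the stored-record layout and the sample passwords are assumptions for illustration. Note that the salt is random, stored in the clear next to the derived key, and has no "must encrypt to 32 characters" requirement; the output length is simply a parameter.

```python
import hashlib
import hmac
import os

# Public parameters of this (added, hypothetical) KDF. Everything except
# the secret is non-secret and must be stored or agreed on in advance.
SALT_LEN = 16          # bytes of random, non-secret salt
ITERATIONS = 100_000   # work factor that slows dictionary / brute-force guessing


def make_salt(length: int = SALT_LEN) -> bytes:
    """Fresh, non-secret, random salt from the OS CSPRNG."""
    return os.urandom(length)


def derive_key(secret: bytes, salt: bytes, length: int,
               iterations: int = ITERATIONS) -> bytes:
    """KDF: secret + non-secret data (salt, iterations, length) -> key of `length` bytes.

    PBKDF2-HMAC-SHA256 is used here as a stand-in for whatever
    construction the thread's OP had in mind; the interface is the point.
    """
    if length < 1:
        raise ValueError("key length must be positive")
    if len(salt) < 8:
        raise ValueError("salt too short to be useful against precomputation")
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations, dklen=length)


def enroll(password: str, key_len: int = 32) -> dict:
    """Store what a verifier needs: the public KDF parameters and the
    derived key, never the password. The salt is stored in the clear;
    it does not need to be encrypted to do its job."""
    salt = make_salt()
    return {
        "salt": salt,
        "iterations": ITERATIONS,
        "key_len": key_len,
        "key": derive_key(password.encode("utf-8"), salt, key_len),
    }


def verify(password: str, record: dict) -> bool:
    """Re-derive with the stored public parameters and compare in constant time."""
    candidate = derive_key(password.encode("utf-8"), record["salt"],
                           record["key_len"], record["iterations"])
    return hmac.compare_digest(candidate, record["key"])


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    rec = enroll("correct horse battery staple")
    print("salt (public):", rec["salt"].hex())
    print("derived key  :", rec["key"].hex())
    print("verify correct:", verify("correct horse battery staple", rec))
    print("verify wrong  :", verify("Tr0ub4dor&3", rec))
```

The three inputs Bryan lists are all visible in the `derive_key` signature: the secret, the non-secret salt and iteration count, and the requested output length. Anyone reviewing such a design can check each one, which is exactly what was missing from the original description.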