Re: Newbie question: best algorithm for keyword-based password generation



On Aug 13, 5:51 pm, Carsten Krueger <cakru...@xxxxxxxxx> wrote:
> On Tue, 11 Aug 2009 16:58:33 -0700 (PDT), berzerk3K wrote:
>
>> [master_key] - input: any unicode phrase
>> [keyword] - input: any unicode phrase
>> [password] - output: generated password, 10 characters: a-z, A-Z, 0-9
>>
>> 1. [password] must always be the same for specific combination of
>> [master_key] and [keyword]
>> 2. [password] is a mixture of letters and numbers, for example:
>> zp9BLtFWNh
>> 3. if someone discovers [password] and [keyword], it must be
>> incredibly hard to discover [master_key]
>>
>> Would you be so kind and tell me which algorithm(s) is the best for
>> this case?
>
> const iteration_count = 1000.000
> var hashed=masterkey
> for i=1 to iteration_count do
>   hashed=secure_hash_function(keyword||hashed);
> password=map_hash_to_alphabet(hashed);
>
> iteration_count should be so big that your pc needs one second to compute
> the hash. secure_hash_function could be for example SHA512.

Why not just use a standard like PKCS #5 to achieve this?

And why must someone use SHA-512? What properties of SHA-512 are not
found in [say] SHA-256 or SHA-1 that would render it less secure?

Tom
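
Added example, not part of the original thread: one way to meet the three requirements with PBKDF2 from PKCS #5, the standard named in the reply above. HMAC-SHA-256, NFKC normalisation, using the keyword as the salt, the iteration count and all function names are assumptions made for this sketch.

```python
import hashlib
import string
import unicodedata

ALPHABET = string.ascii_lowercase + string.ascii_uppercase + string.digits  # a-z, A-Z, 0-9
PASSWORD_LEN = 10
ITERATIONS = 1_000_000  # assumption: adjust until one call takes about a second


def _encode(phrase: str) -> bytes:
    # Normalise first so the same visible phrase typed on different systems
    # (composed vs. decomposed accents) yields the same bytes.
    return unicodedata.normalize("NFKC", phrase).encode("utf-8")


def derive_password(master_key: str, keyword: str, iterations: int = ITERATIONS) -> str:
    # PBKDF2 (PKCS #5 v2.0): master_key is the secret, keyword acts as the salt.
    dk = hashlib.pbkdf2_hmac(
        "sha256", _encode(master_key), _encode(keyword), iterations, dklen=32
    )
    # Read the 256-bit output as an integer and peel off base-62 digits.
    # 62**10 is about 2**60, so the modulo bias is negligible (about 2**-196).
    n = int.from_bytes(dk, "big")
    chars = []
    for _ in range(PASSWORD_LEN):
        n, idx = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[idx])
    return "".join(chars)


if __name__ == "__main__":
    # Constructed sample inputs.
    print(derive_password("correct horse battery staple", "example.org"))
```

Requirement 3 still rests on how hard [master_key] is to guess: the iteration count only multiplies the cost of each guess an attacker makes.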