Re: Newbie question: best algorithm for keyword-based password generation



On Aug 13, 5:51 pm, Carsten Krueger <cakru...@xxxxxxxxx> wrote:
Am Tue, 11 Aug 2009 16:58:33 -0700 (PDT) schrieb berzerk3K:

[master_key] - input: any unicode phrase
[keyword] - input: any unicode phrase
[password] - output: generated password, 10 characters: a-z, A-Z, 0-9

1. [password] must always be the same for specific combination of
[master_key] and [keyword]
2. [password] is a mixture of letters and numbers, for example:
zp9BLtFWNh
3. if someone discovers [password] and [keyword], it must be
incredibly hard to discover [master_key]

Would you be so kind and tell me which algorithm(s) is the best for
this case?

const iteration_count = 1000.000
var hashed=masterkey
for i=1 to iteration_count do
  hashed=secure_hash_function(keyword||hashed);
password=map_hash_to_alphabet(hashed);

iteration_count should be so big that your pc needs one second to compute
the hash. secure_hash_function could be for example SHA512.

Why not just use a standard like PKCS #5 to achieve this?

And why must someone use SHA-512? What properties of SHA-512 are not
found in [say] SHA-256 or SHA-1 that would render it less secure?

Tom
.



Relevant Pages

  • Re: display array values in a label
    ... Specify the names and types of the parameters and the type of method ... followed by var;, const, begin end; as ... MyConst = MyConstValue; ...
    (comp.lang.pascal.delphi.misc)
  • Re: FP params
    ... compiler magic function. ... difference between squaring a const and squaring the same var. ... 0: (ExtendedValue: Extended); ...
    (borland.public.delphi.language.basm)
  • Re: TBitmap - how to copy an "object"
    ... Image1: TImage; ... > const X, Y: TCoordinate; ...
    (comp.lang.pascal.delphi.misc)
  • Re: TBitmap - how to copy an "object"
    ... NewImage: TImage; ... (var Image: TImage; ... const NewColour: TColour); ...
    (comp.lang.pascal.delphi.misc)
  • Re: A little test
    ... that because of extension implemented by SpiderMonkey - ... Safari browser ES implementation has [const] support, ... looks like a lazy patch against spoofing the navigator sniffing ... var navigator = something; ...
    (comp.lang.javascript)