Re: DES key parity bits. What is the correct story?



On 11-03-06 11:33 AM, Tom St Denis wrote:
On Mar 6, 12:07 pm, g...@xxxxxxxxxxxxx (Greg Rose) wrote:

Actually, in today's terminology, it's the *top* 7
bits of each byte that determines the key, and the
parity bit is the LSB. So using ASCII characters
as a key even more drastically reduces the
keyspace than one might think.

Sort of thing PKCS #5 was invented for.

Well now that you mention PKCS #5 and are talking about handling user provided passphrases, I might seek forgiveness in advance for hijacking this thread.

I am concerned about accepting user passphrases in JavaScript. As I understand it, JS does not provide a mechanism for clearing strings from memory. So if the user entered passphrase is ever stored as a string it is easily recoverable by forcing a dump of the browser's (or whatever is running the JS)'s core.

As I see it, there are three possible "fixes"

(1) Maybe I am wrong about JavaScript memory management and that if the string is inside some object, then manipulating the object can be used to get JS to genuinely forget the string.

(2) Find a way to take user input directly into an array instead of it ever being a string.

(3) Don't use JavaScript.

I would really hope to find a solution among (1) and (2).

Cheers,

-j


--
Jeffrey Goldberg http://goldmark.org/jeff/
I rarely read HTML or poorly quoting posts
Reply-To address is valid
.



Relevant Pages

  • Re: Getting Starting in JavaScript et al
    ... To date I have had three epiphanies where I have suddenly "got" javascript and realized how utterly diffident my previous understanding of the subject had been. ... Identifying and understanding the types of values that javascript uses; that there are 5 primitive data types (boolean, number, string, null and the undefined type). ... tab would then contain the tab character, ... Javascript has escape sequences that start with a backslash, but there are a number of types. ...
    (comp.lang.javascript)
  • Re: Dynamic variable names
    ... In Javascript, being "object" oriented, you can access every element ... For instance knowing that a variable is named foo ... string, If a string, it should gon in between quotes. ... ALSO out of the window object, if a variable belongs to it. ...
    (comp.lang.javascript)
  • Re: UTF8 conversion
    ... Unicode characters. ... Javascript as it represents a string of bytes (it represents ... a string of characters through recode with UTF8 as an output ...
    (comp.lang.javascript)
  • Re: Implicit object constructor misinterpretation
    ... In Javascript, being an identifier is a tokenization concept. ... The concept of "string literal" is again a tokenization/parsing ... String literals are sequences of characters flanked by either ...
    (comp.lang.javascript)
  • Re: Why jQuery will never work for mobile
    ... I don't have significant experience with using such APIs ... string values, then a wish list item to pass a RegExp instead can be ... full CSS selector instead of a host object reference must be considered a ... Prototype.js was written by people who don't know javascript for people ...
    (comp.lang.javascript)