[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RELEASE: Secure Edit beta 0.5



At 5:18 PM 1/12/95, Tom Bryce wrote:
>[. . .]
>* the salt is concatenated with MD5[passphrase] many times and this
>concatenated string hashed to generate the 'session key' for the file
>from your pass phrase. The number of times it is concatenated is
>calibrated to make it take about half a second - not a big performance
>loss, but it makes brute force attack of weak passphrases up to
>thousands of times more costly.
>[. . . .]

This is only going to work if MD5 is not a "group"--that is, if there is no
simple algorithm which is equivialent to md5(md5(x)). I doubt that's been
proven.

Rather, you'd be better off using DES in any of the ways that Schneir
describes (page 338 and following) and reiterate that many times.

b&

--
[email protected], Arizona State University School of Music
 Finger [email protected] for PGP public key ID 0xCFF23BD5.