Hosting Provided By

Re: SHA-1 vs. triple-DES for password encryption?

From: David Wagner <daw(at)mozart.cs.berkeley.edu>
Date: Mon Nov 11 2002 - 11:32:35 EST

Oscar Batyrbaev wrote:
>1. truncating to 8 bytes will increase the hazard from the "birthday" paradox;
>Thus The risk is not 2^64 as was suggested earlier but about 2^32 that the
>birthday attack succeeds with probability 0.5 or 50%. The risk is too high even
>when you deal with passwords.

This is completely wrong. Birthday attacks are basically irrelevant when we hash passwords. Hint: the Unix password hash has only 64 bits of output; have you ever seen anyone use a birthday attack on it?

>2. Why not use MD5? It is significantly faster (about 5 times) than

This is bad advice. Almost all cryptographers I know recommend using SHA-1 over MD5 in new designers, where possible. Received on Mon Nov 11 12:15:20 2002

This message: [ Message body ]
Next message: Jeremy Epstein: "RE: SHA-1 vs. triple-DES for password encryption?"
Previous message: John Viega: "Re: SHA-1 vs. triple-DES for password encryption?"
In reply to Oscar Batyrbaev: "RE: SHA-1 vs. triple-DES for password encryption?"
Reply: Jonathan Wilkins: "RE: SHA-1 vs. triple-DES for password encryption?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:44 EDT