Hosting Provided By

Re: SHA-1 vs. triple-DES for password encryption?

From: Ben Laurie <ben(at)algroup.co.uk>
Date: Mon Nov 25 2002 - 08:52:54 EST

Steffen Dettmer wrote:
> * David Wagner wrote on Tue, Nov 12, 2002 at 17:11 +0000:

>>Craig Minton  wrote:
>>
>>>2.  3DES may be used to create a one-way function by using the password
>>>to encrypt some standard data.
>>
>>Watch out.  This will limit the length of allowable passwords to some
>>fixed upper bound -- maybe not a good idea.

>
>
> Why that? You can do hashing with 3DES-CBC mode and AFIAK it's
> sufficient to use the last output block.

Because the key is fixed size.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       
http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Received on Mon Nov 25 16:17:31 2002

This message: [ Message body ]
Next message: John Viega: "Re: Are bad developer libraries the problem with M$ software?"
Previous message: George Capehart: "Re: secprog Digest 18 Nov 2002 18:35:57 -0000 Issue 113"
In reply to Steffen Dettmer: "Re: SHA-1 vs. triple-DES for password encryption?"
Next in thread: Sverre H. Huseby: "Re: SHA-1 vs. triple-DES for password encryption?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:44 EDT