Date: Mon, 3 May 1999 16:18:29 -0400 (EDT) From: andrewr <andrewr@slack.net> To: Adam Shostack <adam@homeport.org> Cc: David Mazieres <dm@reeducation-labor.lcs.mit.edu>, phk@critter.freebsd.dk, peter.jeremy@auss2.alcatel.com.au, freebsd-security@FreeBSD.ORG, provos@openbsd.org Subject: Re: Blowfish/Twofish Message-ID: <Pine.NEB.3.96.990503161609.9391A-100000@brooklyn.slack.net> In-Reply-To: <19990503155204.A28374@weathership.homeport.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 3 May 1999, Adam Shostack wrote: > > If you want to use any other construction, you'll need to > analyze time issues, including brute force timing. It seems likely > that using md5 would require a bunch of iterations. You could > probably use fewer iterations of SHA-1, and yet fewer with RIPEMD-160 > to absorb the same amount of attacker CPU time. The multiple iterations is something that is *very* necesary and I agree with you on.. Take ssh, from what Ive seen, in my VERY LITTLE code browsing of it, it does not seem to do many iterations at all (when dealing with ssh key), therefore not making it too great.. (if that makes any sense ;). However, bruteforce timing is something that *should* be analyzed, so I agree with you a 100%. Andrew > > Adam > > > -- > "It is seldom that liberty of any kind is lost all at once." > -Hume > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96.990503161609.9391A-100000>