Re: passwd hashing algorithm

Rick Busdiecker (rfb@lehman.com)
Fri, 14 Apr 1995 12:30:05 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Lawrence R. Rogers: "Re: Obtaining NIS domainname from Gatorbox"
Previous message: Casper Dik: "Re: passwd hashing algorithm"
In reply to: Louis Taber: "Re: passwd hashing algorithm"
Next in thread: Adam Shostack: "Re: passwd hashing algorithm"

    From: Adam Shostack <adam@bwh.harvard.edu>
    Date: Thu, 13 Apr 1995 13:23:03 -0400 (EDT)

    Doing to 3des means you (roughly) triple the attack time, which
    means that in about 2 years, we'll be back where we are today.

This does not fit with my understanding of 3DES.  I thought that 3DES
effectively tripled the key size, i. e. you have to derive three DES
keys simultaneously in order to crack.  This should make the attack
time significantly greater than 3 times the DES attack time.  If it is
merely the case of deriving three keys independently, 3DES is already
useless.  Since people often compare the security of 3DES to IDEA, I
don't think that this is the case.

			Rick

Next message: Lawrence R. Rogers: "Re: Obtaining NIS domainname from Gatorbox"
Previous message: Casper Dik: "Re: passwd hashing algorithm"
In reply to: Louis Taber: "Re: passwd hashing algorithm"
Next in thread: Adam Shostack: "Re: passwd hashing algorithm"