Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: passwd hashing algorithm
From: rfb () lehman com (Rick Busdiecker)
Date: Fri, 14 Apr 1995 12:30:05 -0400


    From: Adam Shostack <adam () bwh harvard edu>
    Date: Thu, 13 Apr 1995 13:23:03 -0400 (EDT)

    Doing to 3des means you (roughly) triple the attack time, which
    means that in about 2 years, we'll be back where we are today.

This does not fit with my understanding of 3DES.  I thought that 3DES
effectively tripled the key size, i. e. you have to derive three DES
keys simultaneously in order to crack.  This should make the attack
time significantly greater than 3 times the DES attack time.  If it is
merely the case of deriving three keys independently, 3DES is already
useless.  Since people often compare the security of 3DES to IDEA, I
don't think that this is the case.

                        Rick



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]