|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: Fwd: Generation of CHAP Secrets...On Wed, 21 Aug 2002 VAHUJA@aol.com wrote: > David, > > I believe, the secret size does have a direct impact on the cryptograohic > strength of the hash. If the secret size is less than the hashed value of the > algorithm, then it makes it easier for an exhaustive search attack. For > reference, here is a quote from the CHAP RFC page 3: How is the size of the hash a magic number in terms of exhaustive search attacks? Regardless of the size of the secret, you have to hash the I value, the secret, and the challenge. I see how making the secret longer is good, but I just don't see how making the secret the size of the hash really changes the behavior. Once we say have the secret at like 96 or 128 bits, do we really NEED more? Sure, we can let folks choose more, but do we NEED it (a la we should require it)? Or do these hash functions (MD5, SHA-1) not stir all of the bits well, and thus if you don't feed in about the number of bytes in the hash you get poor results? Take care, Bill
Home Last updated: Thu Aug 22 16:18:53 2002 11663 messages in chronological order |