[7355] in cryptography@c2.net mail archive
Re: Extracting Entropy?
daemon@ATHENA.MIT.EDU (William Allen Simpson)
Tue Jun 20 00:14:06 2000
Message-ID: <394EE8EA.A0DE5866@greendragon.com>
Date: Mon, 19 Jun 2000 23:45:46 -0400
From: William Allen Simpson <wsimpson@greendragon.com>
MIME-Version: 1.0
To: Ben Laurie <ben@algroup.co.uk>
Cc: Coderpunks <coderpunks@toad.com>, Cryptography <cryptography@c2.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNED MESSAGE-----
Ben Laurie wrote:
>
> OK, so if I've got a passphrase of arbitrary length, and I wish to
> condense it to make a key of length n bits (n > 160), what's the
> approved method(s) of doing that?
>
> I assume it goes without saying that we wish to preserve as much entropy
> as we can, but I'll say it anyway.
>
Long ago, I had the same problem, and after much discussion about
preserving entropy, I formulated (for Photuris):

    H(s,p1) || H(s,s,p2) || H(s,s,s,p3) ...

Thus, the entropy from secret (s) is reintroduced in every hash.

The MD padding (p) has a count of the number of bits (better than a
leading counter).

The code is easy and pretty efficient (just copy the intermediate
result before xxxFinal).
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1
-----END PGP SIGNATURE-----
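
The construction described in the message above, as an added example that is not part of the original post or of any Photuris code: each output block hashes one more copy of the secret, and the running hash state is copied before it is finalized. SHA-1 (chosen to match the 160-bit figure in the question), the function names and the sample passphrase are assumptions.

```python
import hashlib

# Constructed sample input, not taken from the thread.
SAMPLE_PASSPHRASE = b"correct horse battery staple"


def expand_secret(secret: bytes, n_bits: int, hash_name: str = "sha1") -> bytes:
    """Return n_bits of key material as H(s) || H(s,s) || H(s,s,s) ...

    Block i is the hash of i concatenated copies of the secret. The
    Merkle-Damgard padding appended at finalization encodes the total bit
    length, which differs for every block, so no explicit counter is needed.
    """
    if not secret:
        raise ValueError("secret must not be empty")
    if n_bits <= 0 or n_bits % 8:
        raise ValueError("n_bits must be a positive multiple of 8")

    n_bytes = n_bits // 8
    running = hashlib.new(hash_name)   # absorbs s, then s again, and so on
    out = bytearray()
    while len(out) < n_bytes:
        running.update(secret)         # state now covers one more copy of s
        # Finalize a copy (the "copy before xxxFinal" step) so the running
        # state can keep absorbing further copies of the secret.
        out += running.copy().digest()
    return bytes(out[:n_bytes])


def expand_secret_reference(secret: bytes, n_bits: int, hash_name: str = "sha1") -> bytes:
    """Same output computed from scratch per block, as a cross-check."""
    n_bytes = n_bits // 8
    out = bytearray()
    copies = 0
    while len(out) < n_bytes:
        copies += 1
        out += hashlib.new(hash_name, secret * copies).digest()
    return bytes(out[:n_bytes])


if __name__ == "__main__":
    key = expand_secret(SAMPLE_PASSPHRASE, 256)
    assert key == expand_secret_reference(SAMPLE_PASSPHRASE, 256)
    print(key.hex())
```

The construction only lengthens the output: it adds no salt or work factor, so it does not slow guessing of a weak passphrase.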