[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SHA1-based C-R for authentication

To: linux-crypto@xxxxxxxxxxxx
Subject: SHA1-based C-R for authentication
From: Dan Stromberg <strombrg@xxxxxxxxxxxxxxx>
Date: Fri, 21 Jan 2005 16:03:44 -0800
List-archive: <http://mail.nl.linux.org/linux-crypto/>
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-id: <linux-crypto.nl.linux.org>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-software: Ecartis version 1.0.0
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
Sender: linux-crypto-bounce@xxxxxxxxxxxx
User-agent: Pan/0.14.2 (This is not a psychotic episode. It's a cleansing moment of clarity.)

I've constructed a program that uses SHA1, with a password and a nonce, to
get a challenge-response authentication system.

My question is, will there be any difference in the strength of the
authentication, between the two following scenarios:

1) The password and nonce are 8 bit, 16 character strings of random bytes
from /dev/random

2) The password and nonce are 8 bit, 32 character strings of random hex
digits derived from the same string in #1 above

Anyone have an informed opinion on this?

Thanks!



-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

Prev by Date: Re: Announce loop-AES-v3.0b file/swap crypto package
Next by Date: Re: Announce loop-AES-v3.0b file/swap crypto package
Previous by thread: GOOD DAY
Next by thread: Donate to NarutoFan.com for Child Porn
Index(es):
- Date
- Thread