|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Irreversable Encryption
From: Can Erkin Acar (canacar
ea.eee.metu.edu.tr)Date: Fri Jul 28 2000 - 11:08:46 CDT
- Next message: Aaron Kelley: "Re: Irreversable Encryption"
- Previous message: Andrey Savochkin: "Re: Privileged port binding"
- Maybe in reply to: poke: "Irreversable Encryption"
- Next in thread: Aaron Kelley: "Re: Irreversable Encryption"
- Maybe reply: Can Erkin Acar: "Re: Irreversable Encryption"
- Reply: Aaron Kelley: "Re: Irreversable Encryption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> credit cards simply don't have enough size to be effectively
> one-wayed. That and banks use a prefix, all my visa's start with the
> same 4 numbers, even if you invlude expiry then it's 1e16 combo's,
> not to hard at all. You might
>
> When securing something, you have to think about the properties of
> what you are securing.
>
A different approach, used by OpenBSD for hashing passwords
is to use a SLOW to COMPUTE hash algorithm which makes brute-force
cracking arbitrarily difficult. I am not a cryptography person but it
seems useful in this case (it is much better than storing CC numbers
in plaintext anyway). A paper discussing the algorithm can be found
at:
http://www.openbsd.org/papers/bcrypt-paper.ps
- Next message: Aaron Kelley: "Re: Irreversable Encryption"
- Previous message: Andrey Savochkin: "Re: Privileged port binding"
- Maybe in reply to: poke: "Irreversable Encryption"
- Next in thread: Aaron Kelley: "Re: Irreversable Encryption"
- Maybe reply: Can Erkin Acar: "Re: Irreversable Encryption"
- Reply: Aaron Kelley: "Re: Irreversable Encryption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]