[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Use MD2 - RC4 for Scrypt
- To: Ryan Carboni <firstname.lastname@example.org>, "email@example.com" <firstname.lastname@example.org>
- Subject: Re: Use MD2 - RC4 for Scrypt
- From: Colin Percival <email@example.com>
- Date: Fri, 16 Sep 2016 11:20:35 -0700
- In-reply-to: <CAO7N=i29OJDbw10K1hxmzV83gmdTR0ON-V69Xc+Qx1QyeB9_6A@mail.gmail.com>
- References: <CAO7N=i29OJDbw10K1hxmzV83gmdTR0ON-V69Xc+Qx1QyeB9_6A@mail.gmail.com>
On 09/16/16 11:13, Ryan Carboni wrote:
> Given that passwords have less entropy than the preimage attack on
> MD2, wouldn't MD2 and RC4 be ideal?
> The memory swap operation cannot be unrolled, so state actors would
> find it more difficult to crack passwords hashed with Scrypt using MD2
> and RC4.
No. When cracking passwords you never go backwards; you just take a set
of candidate passwords and run them forwards through your KDF.
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid