Re: Use MD2 - RC4 for Scrypt
- To: Ryan Carboni <ryacko@gmail.com>, "scrypt@tarsnap.com" <scrypt@tarsnap.com>
- Subject: Re: Use MD2 - RC4 for Scrypt
- From: Colin Percival <cperciva@tarsnap.com>
- Date: Fri, 16 Sep 2016 11:20:35 -0700
- In-reply-to: <CAO7N=i29OJDbw10K1hxmzV83gmdTR0ON-V69Xc+Qx1QyeB9_6A@mail.gmail.com>
- References: <CAO7N=i29OJDbw10K1hxmzV83gmdTR0ON-V69Xc+Qx1QyeB9_6A@mail.gmail.com>
On 09/16/16 11:13, Ryan Carboni wrote:
> Given that passwords have less entropy than the preimage attack on
> MD2, wouldn't MD2 and RC4 be ideal?
>
> The memory swap operation cannot be unrolled, so state actors would
> find it more difficult to crack passwords hashed with Scrypt using MD2
> and RC4.
No. When cracking passwords you never go backwards; you just take a set
of candidate passwords and run them forwards through your KDF.
--
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
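
An added illustration of the reply above (not part of the original message and not code from the scrypt project): a weak-password audit that tests a stored scrypt hash by running each candidate forward through the KDF, so the only cost that matters is the work per evaluation. The parameters, salt, candidate list and function names are constructed for this example.

```python
import hashlib
import hmac

# Constructed demo parameters (assumption): small N so the example runs quickly.
PARAMS = {"n": 2**10, "r": 8, "p": 1, "dklen": 32}
SALT = b"constructed-salt"                      # constructed sample salt
WEAK_LIST = ["123456", "password", "sunshine1", "qwerty"]  # constructed deny-list


def kdf(password: str, salt: bytes = SALT) -> bytes:
    """Run the KDF forward: password + salt -> derived key."""
    return hashlib.scrypt(password.encode(), salt=salt, **PARAMS)


def audit(stored: bytes, candidates, salt: bytes = SALT):
    """Check a stored hash against a list of known-weak passwords.

    Returns (matching candidate or None, number of KDF evaluations).
    Nothing here inverts a hash; every test is one forward evaluation,
    which is also exactly what a login verifier does.
    """
    evaluations = 0
    for cand in candidates:
        evaluations += 1
        if hmac.compare_digest(kdf(cand, salt), stored):
            return cand, evaluations
    return None, evaluations


def memory_per_guess(n: int, r: int) -> int:
    """Approximate scrypt working memory per evaluation: 128 * N * r bytes."""
    return 128 * n * r


if __name__ == "__main__":
    weak = kdf("sunshine1")
    strong = kdf("correct horse battery staple")
    print(audit(weak, WEAK_LIST))    # found after 3 forward evaluations
    print(audit(strong, WEAK_LIST))  # not on the list: 4 evaluations, no match
    print(memory_per_guess(PARAMS["n"], PARAMS["r"]), "bytes per evaluation")
```

The total audit cost is the number of candidates times the cost of one evaluation, which is set by N, r and p; preimage resistance of the underlying primitives never enters the loop.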