Re^2: Question about encryption key length

Replies are listed 'Best First'.
Re^3: Question about encryption key length by turo (Friar) on Dec 14, 2005 at 21:37 UTC
I'm not sure to understand ... You have an indexed file for encrypted passwords (ciphered with the keys generated with Crypt::RandPasswd), and other indexed file for storing the keys (encrypted i suppose with the general-use key saved at ~/a.conf) ... are my assumptions okay? And this scheeme is for what? ... for users authentication (it is no better to store a simple HashFunction(user_password,generic_passwd) result? ... It sounds very bizarre ... i think turo `perl -Te 'print map { chr((ord)-((10,20,2,7)[$i++])) } split //,"turo"'`	[reply] [d/l]
Re^4: Question about encryption key length by bradcathey (Prior) on Dec 14, 2005 at 23:33 UTC
Well, it very well might be bizarre. I'm trying to build in the entrophy that Schneier talks about. But I'm open. Can you show me an example fot he HashFunction you are talking about. Thanks. —Brad "The important work of moving the world forward does not wait to be done by perfect men." George Eliot	[reply] [d/l]
Re^5: Question about encryption key length by turo (Friar) on Dec 15, 2005 at 02:23 UTC
Well, i'll continue making assumptions ... The system you want (if it is what i think) is like this: An user wants to authenticate. He or she introduces his name and password into some formulary Pass this data to your perl script/function/whatever It takes the generic encrypted pasword for this user (looking this at the indexed file) It deciphers it with your generic 56byte-key stored at ~/a.conf Then it takes from the other file the user encrypted password Decrypts this password whit the decrypted key for this user Finally compares if the dechipered password is equal to the password passed as argument If this is you want to do; why do not reuse (modern Unixes\|GNU/Linux) way? ... I mean: user introduces username and password. user the function/script get a stream of bytes (generated by a hash function (a.k.a. one way function) like the md5, sha1, etc ... if you want, you can generate the hash using some password) from the password. If you use a web formulary, you must consider that the user password will travel unciphered accross the net and a possible eavesdropper attack can be done against this user :-P. The script takes with the user identifier the diggest/hashed/md5ed password from the indexed file (this time we only need one file) compares it with the current 'hashed password'. If they are equal, the passwords (in plain text) are equal (in theory), so the authentication is done. MD5 algorithm is commonly used for getting these digests. Yes, md5 is not very secure, but there are other hash functions you can use (Digest::MD5, Digest::SHA1) ... I recommend you to search on Bruce Scheneier site for a recommedation on what hash/digest algoritm to use ... regards turo `perl -Te 'print map { chr((ord)-((10,20,2,7)[$i++])) } split //,"turo"'`	[reply] [d/l]