Re: strong passwords

[Mikael Olsson <mikael.olsson () clavister com>]

And taking the next logical step:

Mikael Olsson wrote:
> For 100 balls going into 100 buckets:
> - 37 non-collisions
> - 37 single collisions (hey, 50:50 :))
> - 18 double collisions
[and there's triples and quadruples too, btw]

So, for our 100 inputs, we get
37*1 + 37/2 + 18/3 = about two thirds of all outputs used

And this is why I heartily disagree to hash loops, e.g. take an
input, and hash it an obscene number (let's say 1000) of times.
Every loop, statistically speaking, we're destroying input entropy.

But, then again, I'm not a cryptographer. I'm sure there's one
around to disagree with me. :)


-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com

"It's July. I'm on vacation. Can't you tell? :)"
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards