"Fossies" - the Fresh Open Source Software Archive

Member "libmcrypt-2.5.8/doc/README.key" (9 Mar 2002, 472 Bytes) of package /linux/privat/old/libmcrypt-2.5.8.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 Mcrypt 2.1 was insecure (vulnerable to brute force attack for weak keys) 
    2 because it just used the plainkey as it was given by the user as algorithm's
    3 key. The solution seems to be a function which tranforms the
    4 key given by the user to a real -random looking- key. 
    5 
    6 There are many functions that may convert a password or a passphrase to
    7 a key. Most of them use hash algorithms. You can find some implementations
    8 at the libmhash package at: http://mhash.sourceforge.net