Hi. I'm i right:
We calculate the salted hash d of the password p and the salt s using the hash-function H like this: d = H( p + s ) + s This will have the affect that d != H( p + s' ) + s' (only if s != s') but will not protect us against a dictionary attack since we can easily precompute H( w_i ) where w_i is the ith word of our dictionary and then just have to validate d == H( H( w_i ) + s ) !?! Thanks. --sk _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
