Dnia 07.07.2008 Przemyslaw Frasunek <v...@f...lublin.pl> napisał/a:
> 1000 iterations (or 2000 iterations when HMAC-RIPEMD-160 is used as the
> underlying hash function) of the key derivation function have to be
> performed to derive a header key, which increases the time necessary
> to perform an exhaustive search for passwords (i.e., brute force attack)

A jesli ktos nie wierzy w dokument, to mozna to latwo sprawdzic w zrodlach:

Common/Pkcs5.c:
void derive_u_ripemd160 (char *pwd, int pwd_len, char *salt, int salt_len, int i
terations, char *u, int b)
{
/* iteration 1 */
memset (counter, 0, 4);
counter[3] = (char) b;
memcpy (init, salt, salt_len); /* salt */
memcpy (&init[salt_len], counter, 4); /* big-endian block number */
hmac_ripemd160 (pwd, pwd_len, init, salt_len + 4, j);
memcpy (u, j, RIPEMD160_DIGESTSIZE);

/* remaining iterations */
for (c = 1; c < iterations; c++)
{
hmac_ripemd160 (pwd, pwd_len, j, RIPEMD160_DIGESTSIZE, k);
for (i = 0; i < RIPEMD160_DIGESTSIZE; i++)
{
u[i] ^= k[i];
j[i] = k[i];
}
}
}


./Volume/Pkcs5Kdf.cpp:
void Pkcs5HmacRipemd160::DeriveKey (const BufferPtr &key, const VolumePa
ssword &password, const ConstBufferPtr &salt, int iterationCount) const
{
ValidateParameters (key, password, salt, iterationCount);
derive_key_ripemd160 ((char *) password.DataPtr(), (int) passwor
d.Size(), (char *) salt.Get(), (int) salt.Size(), iterationCount, (char *) key.G
et(), (int) key.Size());
}


[...]

DeriveKey (key, password, salt, GetIterationCount());

./Volume/Pkcs5Kdf.h:
virtual int GetIterationCount () const { return 2000; }

--
* Fido: 2:480/124 ** WWW: http://www.frasunek.com ** NICHDL: PMF9-RIPE *
* Jabber ID: v...@c...pl ** PGP ID: 2578FCAD ** HAM-RADIO: SQ5JIV *