- From: Thomas Roessler <tlr@w3.org>
- Date: Fri, 23 Jan 2009 15:35:55 +0100
- To: "Mary Ellen Zurko" <mzurko@us.ibm.com>
- Cc: "Francois Daoust <fd" <fd@w3.org>, Web Security Context Working Group <public-wsc-wg@w3.org>
On 23 Jan 2009, at 15:06, Mary Ellen Zurko wrote: > > Well, once you choose enough bits for your hash, that's not the > > problem. (With a hash table, you aim at a small number of bits to > > keep the table small.) > > > > The real trouble is that you don't want the token to be password- > > equivalent. > > > > So what is "enough bits"? The same maximum size as your identity? > But why don't you still have the birthday problem? > (I reiterate, ianac) You choose your number of bits so the birhtday problem becomes very unlikely. Like, 256.
Received on Friday, 23 January 2009 14:36:07 UTC