Re: Seeking advice on security best practice

On 23 Jan 2009, at 15:06, Mary Ellen Zurko wrote:

> > Well, once you choose enough bits for your hash, that's not the
> > problem.  (With a hash table, you aim at a small number of bits to
> > keep the table small.)
> >
> > The real trouble is that you don't want the token to be password-
> > equivalent.
> >
> So what is "enough bits"? The same maximum size as your identity?  
> But why don't you still have the birthday problem?
> (I reiterate, ianac)

You choose your number of bits so the birhtday problem becomes very  
unlikely.  Like, 256.

Received on Friday, 23 January 2009 14:36:07 UTC