There is an ongoing discussion about an unused opportunity for improvement. To say it clearly, security has never suffered.

Nevertheless, effective Nov. 1st, 2005 I have changed the SDA generation tool slightly to further improve the security with gain for longer passphrases. Here are the facts:

The generated random sequence has two properties, polynomials and start status. Both are calculated out of the given passphrase and have a fixed 1 to 1 relation. But for some reasons it should be a 1 to many relation.

The drawing is only to give you an imagination how the random text develops. One starting point was always connected with one and the same polynomial that generates the sequence. Imagine that two different passphrases have the same MD5. (Btw, some guys are searching for collisions). Then the same random text would be produced although this is very improbable.

With only one additional statement in the polynomial selection algorithm the number of possible random sequences increases dramatically.

You can compare the change against the former version in the cracker award source file which will not be changed as promised.

If there are any doubts or objections, please let me know.

# posted by Juergen @ 18:02 0 comments