"Michael Young" <mwy-opgp97(_at_)the-youngs(_dot_)org> writes:
I don't find the spec that hard to understand, but I've now seen
postings from several people who did (in different ways).
Conceptually, for segment N (starting with N=0):
Create a buffer of size (N + min(count,passphrase.length+salt.length)).
Um, this should be max(), not min(), as if count < passphrase.length +
salt.length, you still use all of the passphrase + length
Fill the first N bytes with zeroes.
Fill the rest with the salt and passphrase bytes until you run out.
Hash this entire buffer.
In practice, you use a hashing gadget that lets you feed it incrementally,
and you use as many as you need in parallel.
At no point do you use the hash output as input. Yes, the hash
function itself may do something similar with hash lines internally,
but that is a carefully-considered aspect of the hash function
design.
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord(_at_)MIT(_dot_)EDU PGP key available