[10514] in cryptography@c2.net mail archive
Re: Cringely Gives KnowNow Some Unbelievable Free Press... (fwd)
daemon@ATHENA.MIT.EDU (Paul Crowley)
Wed Feb 27 12:47:35 2002
To: "Enzo Michelangeli" <em@em.no-ip.com>
Cc: "Cryptography List" <cryptography@wasabisystems.com>
From: Paul Crowley <paul@ciphergoth.org>
Date: 26 Feb 2002 19:32:56 +0000
In-Reply-To: "Enzo Michelangeli"'s message of "Tue, 29 Jan 2002 09:26:09 +0800"
Message-ID: <87664k2g47.fsf@saltationism.subnet.hedonism.cluefactory.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
"Enzo Michelangeli" <em@who.net> writes:
> Well, a nice characteristic that RSA doesn't have is the ability of using as
> secret key a hash of the passphrase, which avoids the need of a secret
> keyring
All PK algorithms have this property; seed a CSPRNG with the
passphrase and use the CSPRNG as the source of randomness in key
generation.
> and the relative vulnerability to dictionary attacks.
The protection against dictionary attacks seems to be that checking
whether a given passphrase is the correct one is slow, because you
have to check it against the public key. However, the minimum time to
check passphrase validity can be made arbitrarily slow whatever PK
algorithm is used, with techniques such as key stretching.
http://www.counterpane.com/low-entropy.html
Your proposal makes a system *more* vulnerable to dictionary attacks,
since the attack can be mounted without the need to seize the secret
keyring.
--
__ Paul Crowley
\/ o\ sig@paul.ciphergoth.org
/\__/ http://www.ciphergoth.org/
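The scheme Paul describes (seed a deterministic generator from the passphrase, run ordinary RSA key generation from it, and make the guess-checking cost whatever the stretching step costs) as a worked example; this is added here and is not code from the original message. PBKDF2 as the stretching step, the HMAC-SHA256 counter stream, the 512-bit modulus (chosen so it runs in seconds; far too small for real use) and the salt are this example's own choices.

```python
import hashlib
import hmac

class SeededStream:
    """Deterministic HMAC-SHA256 counter stream standing in for the CSPRNG."""
    def __init__(self, seed: bytes):
        self.seed, self.counter = seed, 0
    def getrandbits(self, bits: int) -> int:
        out = b""
        while len(out) * 8 < bits:
            out += hmac.new(self.seed, self.counter.to_bytes(8, "big"), hashlib.sha256).digest()
            self.counter += 1
        return int.from_bytes(out, "big") >> (len(out) * 8 - bits)

def is_probable_prime(n: int, stream: SeededStream, rounds: int = 32) -> bool:
    # Miller-Rabin on a large odd n; witnesses come from the same stream so the search is deterministic.
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(2 + stream.getrandbits(n.bit_length()) % (n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def find_prime(stream: SeededStream, bits: int) -> int:
    while True:  # set the top bit (full length) and the low bit (odd)
        cand = stream.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, stream):
            return cand

def derive_keypair(passphrase: str, salt: bytes, bits: int = 512, iterations: int = 100_000):
    """Return (n, e, d); same passphrase and salt always give the same key, so no
    keyring is stored, but anyone holding n can test a guess by re-deriving it."""
    # Key stretching (PBKDF2 here; scrypt/Argon2 preferred): every guess pays for it.
    seed = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations)
    stream, e = SeededStream(seed), 65537
    while True:
        p, q = find_prime(stream, bits // 2), find_prime(stream, bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return p * q, e, pow(e, -1, phi)
```

Raising `iterations` (or swapping in a memory-hard function) is the only knob that slows an attacker who already holds the public key, which is the point of the reply above.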
---------------------------------------------------------------------
The Cryptography Mailing List