[3338] in cryptography@c2.net mail archive
Re: ArcotSign (was Re: Does security depend on hardware?)
daemon@ATHENA.MIT.EDU (Bruce Schneier)
Tue Sep 22 11:53:21 1998
Date: Tue, 22 Sep 1998 06:24:45 -0500
To: Mok-Kong Shen <mok-kong.shen@stud.uni-muenchen.de>
From: Bruce Schneier <schneier@counterpane.com>
Cc: cryptography@c2.net, cypherpunks@algebra.com, coderpunks@toad.com
In-Reply-To: <36078061.D34D26D@stud.uni-muenchen.de>
At 12:48 PM 9/22/98 +0100, Mok-Kong Shen wrote:
>Bruce Schneier wrote:
>>
>> At 08:59 AM 9/22/98 +0100, Mok-Kong Shen wrote:
>
>> >A question : How does the legitimate user find his password?
>> >(Sorry for not having followed this thread from the beginning.)
>>
>> He uses a remembered secret and some mathematical magic.
>
>Another naive question: Why is the remembered secret not sufficient
>(thus doing away with the magic)?
One of the significant improvements is that the scheme is immune to
offline password guessing attacks.
Bruce
**********************************************************************
Bruce Schneier, President, Counterpane Systems Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN 55419 Fax: 612-823-1590
Free crypto newsletter. See: http://www.counterpane.com
