[4174] in cryptography@c2.net mail archive
Re: Strengthening the Passphrase Model (was Re: PGP
daemon@ATHENA.MIT.EDU (Ben Laurie)
Tue Feb 9 13:34:35 1999
Date: Tue, 09 Feb 1999 16:49:20 +0000
From: Ben Laurie <ben@algroup.co.uk>
To: Rodney Thayer <rodney@tillerman.nu>
Cc: "Arnold G. Reinhold" <reinhold@world.std.com>,
Nelson Minar <nelson@media.mit.edu>, cryptography@c2.net
Rodney Thayer wrote:
>
> At 09:46 AM 2/9/99 -0500, Arnold G. Reinhold wrote:
> >Nelson Minar's comments (reproduced below) are right on target. Here are
> [...] practical suggestions [...]
>
> >2. PGP should burn computer time hashing the passphrase. While you cannot
> >increase the entropy of a passphrase with an algorithm, you can make
> >exhaustive search far more difficult.
>
> There was an interesting paper presented last week at NDSS '99
> (http://www.isoc.org/ndss99) by Ari Juels and John Brainard, called "Client
> Puzzles", which relates. The notion is to cause the user to burn a bit of
> compute time solving a puzzle, in the interest of preventing certain kinds
> of attacks.

Isn't this just hashcash in disguise?

Cheers,

Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
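
An added example, not part of the original message and not code from PGP, hashcash or the Client Puzzles paper: the two ways of burning compute time that the thread touches on, sketched in Python. PBKDF2-HMAC-SHA256 stands in for "hashing the passphrase" and a generic leading-zero-bits SHA-256 puzzle stands in for the puzzle idea; the salt, challenge, iteration count and difficulty are constructed values.

```python
import hashlib
import math
from itertools import count


def stretch(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """Derive a key from a passphrase; every guess costs `iterations` HMAC rounds."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations)


def search_cost_bits(entropy_bits: float, iterations: int) -> float:
    """log2 of the hash operations an exhaustive search needs.

    The passphrase entropy is unchanged; only the cost per guess grows.
    """
    return entropy_bits + math.log2(iterations)


def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits at the start of a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def verify_puzzle(challenge: bytes, nonce: int, bits: int) -> bool:
    """Checking a solution costs the verifier a single hash."""
    digest = hashlib.sha256(challenge + nonce.to_bytes(8, "big")).digest()
    return leading_zero_bits(digest) >= bits


def solve_puzzle(challenge: bytes, bits: int) -> int:
    """Search for a nonce; the solver expects about 2**bits hashes."""
    for nonce in count():
        if verify_puzzle(challenge, nonce, bits):
            return nonce


if __name__ == "__main__":
    salt = b"constructed-salt"            # constructed sample value
    key = stretch("correct horse", salt, 2 ** 16)
    print("stretched key:", key.hex())
    # A 40-bit passphrase stretched 2**16 times costs about 2**56 hashes to search.
    print("search cost (bits):", search_cost_bits(40, 2 ** 16))

    challenge = b"constructed-challenge"  # constructed sample value
    nonce = solve_puzzle(challenge, 12)
    print("puzzle nonce:", nonce, "valid:", verify_puzzle(challenge, nonce, 12))
```

With stretching, the legitimate user pays the same per-attempt cost as the attacker on every unlock; with the puzzle, the solver pays roughly 2**bits hashes while the verifier pays one.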