[Cryptography] Are zero knowledge authentication systems safe?

Phillip Hallam-Baker phill at hallambaker.com
Sat Oct 31 22:04:21 EDT 2015


Let us assume that we have a provably secure zero knowledge system. Is
it actually more secure in practice than other techniques?

The reason for my concern here is that one time pads are theoretically
perfect but practical versions have been broken, see Venona.

So for example, looking at the version in Wikipedia:
https://en.wikipedia.org/wiki/Zero-knowledge_proof

In each round, Peggy commits to e^r mod p and reveals either r or x+r
mod p where x is her private key.

Now if the random number generation is perfect, nothing is lost. But
what if it isn't? What if the random number generator has been bongoed
or is just bad? If the random number generator has only 32 bits of
ergodicity and Peggy reveals x+r, she has given Mallet the ability to
break her key.


Now consider a non-zero-knowledge mechanism: Peggy knows x and
discloses e^x. Bob challenges her with e^y, Peggy returns H(e^xy).

In this scheme, Bob knows something that he couldn't know any other
way. But we can make that knowledge arbitrarily useless by adding in
information that is specific to the protocol, the time, the place,
parties, etc.

Let's say we are doing this for authentication to a mail server. Let
R=e^xy. Let the proof value be H(R + "Peggy" + "Bob" + "Using this
for email" + "2015-10-31"). There is a small risk that information
might leak and be useful to someone but it is very small. Peggy
certainly hasn't put her private key at risk in any way at all unless
the hash is astonishingly broken. More broken than MD4 broken.


Am I just missing the point or is this particular zero knowledge proof
rather brittle in practice?
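Both schemes from the post, as an added example (not the author's code): a toy Schnorr-style round with a deliberately low-entropy nonce r, the key recovery the post says an observer of a revealed x+r can then perform, and the DH-plus-context proof value H(R + "Peggy" + "Bob" + ...). The group parameters, the use of SHA-256 as H, and the NUL field separator are assumptions made here.

```python
import hashlib

# Toy parameters, constructed for this example only (far too small for real use).
P = 2**127 - 1   # Mersenne prime; the group is the multiplicative group mod P
Q = P - 1        # exponents r, x and x+r reduce modulo the group order here (the post writes mod p)
E = 3            # public base: the post writes e^r, Wikipedia writes g^r


def zk_round(x, r, reveal_sum):
    """One round of the post's ZK protocol: Peggy commits to E^r, then reveals
    either r or (x + r) depending on the verifier's challenge bit."""
    commitment = pow(E, r, P)
    response = (x + r) % Q if reveal_sum else r
    return commitment, response


def recover_from_weak_nonce(pubkey, commitment, response, bits=16):
    """What an observer of one (commitment, x + r) round can do if r came from
    an RNG with only `bits` bits of entropy: enumerate every possible r, keep
    the one that reproduces the commitment, and subtract it from the response.
    Returns a key x' with E^x' == pubkey, i.e. one that impersonates Peggy."""
    for r in range(1 << bits):
        if pow(E, r, P) == commitment:
            cand = (response - r) % Q
            if pow(E, cand, P) == pubkey:
                return cand
    return None


def context_proof(shared, prover, verifier, purpose, date):
    """The post's non-ZK proof value: H(R + "Peggy" + "Bob" + purpose + date).
    A NUL separator (an assumption here) stops fields from running together."""
    fields = [str(shared).encode()] + [s.encode() for s in (prover, verifier, purpose, date)]
    return hashlib.sha256(b"\x00".join(fields)).hexdigest()


def dh_auth(x, y, ctx):
    """Peggy (secret x, public E^x) and Bob (secret y, challenge E^y) each derive
    R = E^(xy) and bind it to the context; neither side ever transmits x, y or R."""
    peggy_proof = context_proof(pow(pow(E, y, P), x, P), *ctx)
    bob_expected = context_proof(pow(pow(E, x, P), y, P), *ctx)
    return peggy_proof, bob_expected
```

With a 16-bit nonce the search finishes in well under a second; a round that reveals r instead of x+r gives the observer nothing to subtract, which is why the whole scheme stands or falls on the entropy of r.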

