Cringely Gives KnowNow Some Unbelievable Free Press... (fwd)

Paul Crowley paul at ciphergoth.org
Tue Feb 26 14:32:56 EST 2002


"Enzo Michelangeli" <em at who.net> writes:
> Well, a nice characteristic that RSA doesn't have is the ability of using as
> secret key a hash of the passphrase, which avoids the need of a secret
> keyring

All PK algorithms have this property; seed a CSPRNG with the
passphrase and use the CSPRNG as the source of randomness in key
generation. 

> and the relative vulnerability to dictionary attacks.

The protection against dictionary attacks seems to be that checking
whether a given passphrase is the correct one is slow, because you
have to check it against the public key.  However, the minimum time to
check passphrase validity can be made arbitrarily slow whatever PK
algorithm is used, with techniques such as key stretching.

http://www.counterpane.com/low-entropy.html

Your proposal makes a system *more* vulnerable to dictionary attacks,
since the attack can be mounted without the need to seize the secret
keyring.
-- 
  __  Paul Crowley
\/ o\ sig at paul.ciphergoth.org
/\__/ http://www.ciphergoth.org/

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
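The two points in the reply above, as an added example that is not part of the original post: a key pair derived deterministically from a stretched passphrase, and the resulting public key acting as a passphrase verifier for anyone who holds it. PBKDF2 stands in for the key stretching the post mentions; the toy group, salt, passphrases and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Toy discrete-log group so the example runs on the standard library alone.
# Assumption for illustration only; these are not vetted key parameters.
P = 2**255 - 19
G = 2

def stretch(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """Key stretching: each derivation, and so each guess, costs `iterations` HMACs."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               iterations, dklen=32)

def keypair_from_passphrase(passphrase: str, salt: bytes, iterations: int):
    """Deterministic key generation: the stretched passphrase is the only randomness."""
    seed = int.from_bytes(stretch(passphrase, salt, iterations), "big")
    private = 2 + seed % (P - 3)           # exponent in [2, P-2]
    return private, pow(G, private, P)

def public_key_confirms(public: int, candidate: str, salt: bytes,
                        iterations: int) -> bool:
    """With no keyring, the public key alone tells anyone whether a guess is right."""
    _, candidate_public = keypair_from_passphrase(candidate, salt, iterations)
    return hmac.compare_digest(candidate_public.to_bytes(32, "big"),
                               public.to_bytes(32, "big"))

def seconds_per_check(iterations: int, salt: bytes = b"constructed-salt") -> float:
    """Cost of testing one candidate passphrase at a given stretching level."""
    start = time.perf_counter()
    keypair_from_passphrase("constructed candidate", salt, iterations)
    return time.perf_counter() - start

if __name__ == "__main__":
    salt = b"user@example.org"             # constructed, public per-user salt
    _, public = keypair_from_passphrase("constructed passphrase", salt, 200_000)
    print("right guess:", public_key_confirms(public, "constructed passphrase",
                                              salt, 200_000))
    print("wrong guess:", public_key_confirms(public, "another guess", salt, 200_000))
    for n in (1_000, 100_000, 1_000_000):
        print(f"{n:>9} iterations: {seconds_per_check(n):.4f} s per check")
```

The iteration count sets the price of every check, for the key owner and for anyone testing guesses against the published key alike.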


