Cringely Gives KnowNow Some Unbelievable Free Press... (fwd)

Ben Laurie ben at algroup.co.uk
Tue Jan 29 10:26:40 EST 2002


Eric Rescorla wrote:
> 
> "Enzo Michelangeli" <em at who.net> writes:
> 
> > ----- Original Message -----
> > From: "Eric Rescorla" <ekr at rtfm.com>
> > To: "Eugene Leitl" <Eugene.Leitl at lrz.uni-muenchen.de>
> > Sent: Monday, 28 January, 2002 6:33 AM
> >
> > [...]
> > > If you want to see EC used you need to describe a specific algorithm
> > > which has the following three properties:
> > >
> > > (1) widely agreed to be unencumbered, particularly by the big players.
> > >     [extra points if you're willing to indemnify]
> > > (2) significantly better than RSA (this generally means faster)
> > > (3) has seen a significant amount of analysis so that we can have
> > > some reasonable confidence it's secure.
> > >
> > > Until someone does that, the cost of information in choosing an
> > > EC algorithm is simply too high to justify replacing RSA in
> > > most applications.
> >
> > Well, a nice characteristic that RSA doesn't have is the ability of using as
> > secret key a hash of the passphrase, which avoids the need of a secret
> > keyring and the relative vulnerability to dictionary attacks. See e.g. the
> > Pegwit application, which, in its version 9
> I don't know exactly what Pegwit does, but most of these schemes
> are still vulnerable to dictionary attacks by trying arbitrary
> passphrases and seeing if they generate the correct public key.
> It's of course slower since the test operation is slower.

If you want to slow down test operations, then iteration is good.

BTW, I don't see why using a passphrase to a key makes you vulnerable to
a dictionary attack (like, you really are going to have a dictionary of
all possible 1024 bit keys crossed with all the possible passphrases?
Sure!).

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
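An added example, not part of either poster's message and not Pegwit's code: it shows the two points made in the thread, that a public key derived from a passphrase lets anyone confirm a candidate passphrase, and that iterating the derivation multiplies the cost of each such test. Assumptions: PBKDF2-HMAC-SHA256 is used for the iteration, modular exponentiation in a toy group stands in for EC scalar multiplication, and the salt, passphrases and function names are constructed for illustration.

```python
import hashlib

# Toy discrete-log group standing in for EC scalar multiplication.
# Assumption made so the example needs only the standard library;
# not suitable for real keys.
P = 2**255 - 19   # a well-known prime
G = 2

# Constructed public salt, stored next to the public key. The scheme as
# described in the thread hashes the passphrase alone.
SALT = b"constructed-example-salt"


def private_from_passphrase(passphrase: str, iterations: int) -> int:
    """Stretch the passphrase with PBKDF2 and map the result to an exponent."""
    raw = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), SALT, iterations)
    return int.from_bytes(raw, "big") % (P - 1)


def public_from_passphrase(passphrase: str, iterations: int) -> int:
    """Public value that the passphrase alone regenerates (no keyring)."""
    return pow(G, private_from_passphrase(passphrase, iterations), P)


def guess_matches(public: int, candidate: str, iterations: int) -> bool:
    """A candidate passphrase is confirmed using the public key only."""
    return public_from_passphrase(candidate, iterations) == public


def weak_passphrase_audit(public, candidates, iterations):
    """Check a key against a list of known-weak passphrases.

    Returns (matching passphrase or None, hash iterations spent).
    The second value grows linearly with `iterations`, which is the
    slowdown per test that iteration buys.
    """
    work = 0
    for candidate in candidates:
        work += iterations
        if guess_matches(public, candidate, iterations):
            return candidate, work
    return None, work


if __name__ == "__main__":
    weak_list = ["letmein", "password", "hunter2"]   # constructed sample
    pub = public_from_passphrase("hunter2", 100_000)
    print(weak_passphrase_audit(pub, weak_list, 100_000))
```

Iteration raises the cost of every test by a constant factor; a passphrase that appears on a short list is still found, so the passphrase's own entropy remains the limiting factor.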



