Private Key Generation from Passwords/phrases

Matthias Bruestle mbruestle at masktech.de
Mon Jan 15 05:31:41 EST 2007


Joseph Ashwood wrote:
> ----- Original Message ----- From: "Matthias Bruestle"
> <mbruestle at masktech.de>
> 
>> What do you think about this?
> 
> I think you need some serious help in learning the difference between
> 2^112 and 112, and that you really don't seem to have much grasp of the
> entire concept.

Please omit all "2^" except in the "2^24". This should make you feel
better.

> [most offensive parts deleted]
> time units are inconsistent. Basically just stop fiddling around trying
> to convince yourself you need less than you do, and locate 112 bits of
> apparent entropy, anything else and you're into the world of trying to
> prove equivalence between entropy and work which works in physics but
> doesn't work in computation because next year the work level will be
> different and you'll have to redo all your figures.

What we are interested in is time (e.g. "secure until 20XX"), not
entropy. After all, we are all in a physical world, also the computers.
But with entropy we can buy time. Because the physical world changes,
things have to be redone, e.g. DES -> 3DES -> AES -> ... . So 30 years
ago a bit of entropy bought you much time, now not so much anymore. But
despite that, with the system described in my email, the figures don't
have to be redone every year. Because the computers (in the physical
world) get faster each year, the time to brute-force 3DES and 224-bit ECC
gets lower. The relation stays (mostly) the same. The only thing which
really changes is the time a user has to wait for recreating his key,
which gets lower and lower. He certainly has no problem with that.

Maybe you should take James Donald as an inspiring example for you. He
raised a valid point, the offline attack using the generally available
public key.

Matthias

-- 
Matthias Bruestle, Managing Director
Phone +49 (0) 91 19 55 14 91, Fax +49 (0) 91 19 55 14 97
MaskTech GmbH, Nordostpark 16, 90411 Nuernberg, Germany

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


