[Cryptography] Is storing a hash of a private key a security risk?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue Apr 12 16:36:02 EDT 2016
Nemo <nemo at self-evident.org> writes:
>You can guess the input, and you can tell when two inputs were (probably) the
>same, but that's it.
That is the one concern with it, you can now tell whether the key stored in
HSM-like-device #1 is the same as the one stored in HSM-like-device #2.
However since you can probably do that anyway by comparing the corresponding
public keys, it may not be such a big deal.
It's just one of those things that seems unsound, although I can't quite
elucidate why.
I'll have to check the hardware for whether it's possible to mix a salt into
the hash before it's run over the key components, but I think it's not
possible, the enclave just gives a yes/no response for a given hash but no
more.
Peter.
More information about the cryptography
mailing list