[Cryptography] Single factor with automated change

William Allen Simpson william.allen.simpson at gmail.com
Sun May 13 09:31:32 EDT 2018


On 5/9/18 12:47 AM, Jon Callas wrote:
> 
>> On May 8, 2018, at 6:28 PM, William Allen Simpson <william.allen.simpson at gmail.com> wrote:
>>
>> On 5/8/18 2:04 AM, Jon Callas wrote:
>>> [...] If this manager could go out and change the password for you automagically as well, then as the life of any given random password approaches a single login, then that simple password system approaches the security of that type of two-factor, while gaining the benefit that a stolen database of shared secrets has ever-decaying usefulness, which lowers the incentive to hack that database in the first place. Single factor with automated change is arguably better than two-factor.
>> Here we are almost 25 years later back at Photuris....
> 
> Yup. And now the patents have all expired.
> 
Photuris was fairly carefully designed; there were no patents in
the base document.

The Secret Exchange (potential RSA patent) was deliberately
moved to a second document.  That patent expired even before
IESG permitted RFC publication (after 5+ long years), but
they never published the Secret Exchange as an RFC.

Also, the Secret Exchange wasn't dependent on RSA.  It could
use any existing authentication secret to verify the change of
this newly generated replacement authentication secret.

Moreover, all the secrets everywhere had specified lifetimes.
I've long been a believer in limiting exposure via relatively
short lifetimes, rather than revocations.

Finally, everything about Photuris was designed to lower the
incentives for cracking.  Exchanging pre-computed moduli
instead of relying on "well known" ones, so there were no
incentives to build a rainbow table....

That's always been one of my beefs with Elliptic Curves.  No
families, not easy to generate infinite numbers of them.
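
An added illustration (not part of the original message, and not Photuris's Secret Exchange format) of two ideas described above: a newly generated replacement secret is accepted only when verified under the existing secret, and every secret carries a lifetime instead of relying on revocation. The `SecretStore` class, the field encoding and the use of HMAC-SHA-256 are assumptions, and the change message is assumed to travel inside an already-encrypted channel.

```python
import hashlib
import hmac
import secrets

def change_tag(current_secret, user, new_secret, lifetime):
    # Length-prefix each field so field boundaries cannot be shifted.
    fields = (user.encode(), new_secret, str(lifetime).encode())
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(current_secret, msg, hashlib.sha256).digest()

class SecretStore:
    """Hypothetical server-side table: user -> (secret, expiry time)."""
    def __init__(self):
        self.table = {}

    def enroll(self, user, secret, now, lifetime):
        self.table[user] = (secret, now + lifetime)

    def valid_secret(self, user, now):
        secret, expires = self.table.get(user, (None, 0))
        return secret if secret is not None and now < expires else None

    def change(self, user, new_secret, lifetime, tag, now):
        # The existing secret must still be within its lifetime ...
        current = self.valid_secret(user, now)
        if current is None:
            return False
        # ... and must authenticate the replacement (constant-time compare).
        expected = change_tag(current, user, new_secret, lifetime)
        if not hmac.compare_digest(expected, tag):
            return False
        self.table[user] = (new_secret, now + lifetime)
        return True

def client_rotate(store, user, current_secret, lifetime, now):
    new_secret = secrets.token_bytes(32)  # fresh, not derived from the old one
    tag = change_tag(current_secret, user, new_secret, lifetime)
    ok = store.change(user, new_secret, lifetime, tag, now)
    return new_secret if ok else None

def demo():
    # Constructed scenario; times are plain integers for repeatability.
    store = SecretStore()
    s0 = secrets.token_bytes(32)
    store.enroll("alice", s0, now=0, lifetime=100)
    s1 = client_rotate(store, "alice", s0, lifetime=100, now=50)     # accepted
    stale = client_rotate(store, "alice", s0, lifetime=100, now=60)  # s0 was replaced
    late = client_rotate(store, "alice", s1, lifetime=100, now=500)  # s1 expired at 150
    return s1 is not None, stale is None, late is None
```

A copy of the table taken before the rotation at time 50 holds only `s0`, which the store no longer accepts, and a secret that is never rotated stops working once its lifetime runs out.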

