Re: easier authentication?


David Jablon (dpj@world.std.com)
Mon, 12 Oct 1998 10:59:49 -0400


At 02:27 AM 10/12/98 -0400, mgraffam@idsi.net wrote:
> [...]
> I remember reading something somewhere (here?, sci.crypt?) about an
> authentication method that has the user select a number of faces .. this
> unique combination of faces is the user's key, essentially.

This sounds like the PassFaces system. <www.id-arts.com>

Using PassFaces directly to generate enough bits to key
a cipher may be cumbersome. You might also want to think
about using secure remote storage with a key amplifier.
SPEKE and related password-authenticated key exchange
protocols. <world.std.com/~dpj/>

> At 1.3 bits of entropy/character in English we'd need just about 200
> characters to key the AES.. I don't think English is gonna cut the
> mustard. By varying the size of the faces available we can size the
> bits of entropy per selection as needed.. with a practical upper limit,
> of course.. navigating through billions of faces is obviously insane.

Measures like "1.3 bits per character" can easily overstate or
understate the effective size of user-chosen keys.
With unconstrained human choice, key quality is a
psychological game. A conservatively designed system
allows user-chosen keys to have low entropy.

-- David
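
The reply above points to SPEKE as a way to build on a low-entropy secret. The following sketch is an added example, not part of the original message and not the author's code; it shows the textbook SPEKE exchange, where the password only selects the Diffie-Hellman base. SHA-256, the 128-bit demonstration modulus generated at import time, and all function names are assumptions made for this illustration.

```python
import hashlib
import secrets

def is_probable_prime(n, rounds=24):
    """Miller-Rabin primality test with random bases."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def find_safe_prime(bits=128):
    """First probable safe prime p = 2q + 1 above 2**(bits-1). Demo size only."""
    q = 2 ** (bits - 2) + 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1

P = find_safe_prime()  # constructed demo modulus; a real deployment needs >= 2048 bits

def speke_base(password):
    """Password-derived base H(pw)^2 mod p, which lies in the order-q subgroup."""
    h = int.from_bytes(hashlib.sha256(password.encode()).digest(), "big")
    return pow(h % P, 2, P)

def speke_keypair(password):
    x = secrets.randbelow((P - 1) // 2 - 1) + 1   # ephemeral secret exponent
    return x, pow(speke_base(password), x, P)    # (secret, message sent to peer)

def speke_session_key(secret, peer_public):
    if not 1 < peer_public < P - 1:              # reject 0, 1 and p-1 (trivial subgroups)
        raise ValueError("invalid peer value")
    shared = pow(peer_public, secret, P)
    return hashlib.sha256(shared.to_bytes((P.bit_length() + 7) // 8, "big")).digest()

def demo(client_pw, server_pw):
    """Run one exchange; returns the key each side derives."""
    a, msg_a = speke_keypair(client_pw)
    b, msg_b = speke_keypair(server_pw)
    return speke_session_key(a, msg_b), speke_session_key(b, msg_a)
```

The messages on the wire are random-looking group elements, so a mismatched password yields unrelated keys, and an eavesdropper has nothing to check password guesses against offline.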



The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:15:21