Re: Death of PGP Key 0xFBAF5E44 at 19:03 02 Jan 1999 UTC

Peter Gutmann (pgut001@cs.auckland.ac.nz)
Sun, 3 Jan 1999 21:54:16 (NZDT)

• Next message: Anonymous: "WS_FTP crypto."
• Previous message: Mike Rosing: "Re: Death of PGP Key 0xFBAF5E44 at 19:03 02 Jan 1999 UTC"
• In reply to: Ryan Lackey: "Death of PGP Key 0xFBAF5E44 at 19:03 02 Jan 1999 UTC"
• Next in thread: Anonymous: "Re: Death of PGP Key 0xFBAF5E44 at 19:03 02 Jan 1999 UTC"

>One major advantage of being able to carry around your verification in your
>head is that you can create your secret key on any machine.
 
And so can anyone else who can guess your password. This is why it's always a
good idea to combine something you have (eg an encrypted nonce stored on your
PC) with what you're carrying around in your head. An additional advantage is
that it makes it possible to destroy your key when you need to, something
which isn't possible with a purely password-based one.
 
>This is a plug, but it's taken at the most opportune time I can imagine. If
>PGP used elliptic curve PK you wouldn't have this problem. Your verification
>can be regened by hashing your pass phrase.
 
You can also do this with many DLP-based PKC's where x can be a hash of a
passphrase.
 
Peter.

• Next message: Anonymous: "WS_FTP crypto."
• Previous message: Mike Rosing: "Re: Death of PGP Key 0xFBAF5E44 at 19:03 02 Jan 1999 UTC"
• In reply to: Ryan Lackey: "Death of PGP Key 0xFBAF5E44 at 19:03 02 Jan 1999 UTC"
• Next in thread: Anonymous: "Re: Death of PGP Key 0xFBAF5E44 at 19:03 02 Jan 1999 UTC"