Re: Death of PGP Key 0xFBAF5E44 at 19:03 02 Jan 1999 UTC

Wei Dai (weidai@eskimo.com)
Sun, 3 Jan 1999 15:15:08 -0800

• Next message: EKR: "Re: Death of PGP Key 0xFBAF5E44 at 19:03 02 Jan 1999 UTC"
• Previous message: Eric Rescorla: "Re: Death of PGP Key 0xFBAF5E44 at 19:03 02 Jan 1999 UTC"
• In reply to: Wei Dai: "Re: Death of PGP Key 0xFBAF5E44 at 19:03 02 Jan 1999 UTC"
• Next in thread: Eric Rescorla: "Re: Death of PGP Key 0xFBAF5E44 at 19:03 02 Jan 1999 UTC"
• Reply: Eric Rescorla: "Re: Death of PGP Key 0xFBAF5E44 at 19:03 02 Jan 1999 UTC"

On Sun, Jan 03, 1999 at 02:57:04PM -0800, EKR wrote:
> Of course, if you use a discrete log scheme, then you can
> just use X=SHA(passphrase).

How about using X=SHA(salt||passphrase), where salt is some 32-bit random
value stored on your hard drive? That way if the hard drive is destroyed,
you only have to brute force a 32-bit value, but an attacker has to brute
force the salt and the passphrase simultaneously which is unfeasible even
if the passphrase only has 40-bit entropy.

• Next message: EKR: "Re: Death of PGP Key 0xFBAF5E44 at 19:03 02 Jan 1999 UTC"
• Previous message: Eric Rescorla: "Re: Death of PGP Key 0xFBAF5E44 at 19:03 02 Jan 1999 UTC"
• In reply to: Wei Dai: "Re: Death of PGP Key 0xFBAF5E44 at 19:03 02 Jan 1999 UTC"
• Next in thread: Eric Rescorla: "Re: Death of PGP Key 0xFBAF5E44 at 19:03 02 Jan 1999 UTC"
• Reply: Eric Rescorla: "Re: Death of PGP Key 0xFBAF5E44 at 19:03 02 Jan 1999 UTC"