Re: Death of PGP Key 0xFBAF5E44 at 19:03 02 Jan 1999 UTC


David Jablon (dpj@world.std.com)
Fri, 08 Jan 1999 07:24:11 -0500


Wei Dai <weidai@eskimo.com> wrote:
>>> How about using X=SHA(salt||passphrase), where salt is some 32-bit random
>>> value stored on your hard drive? That way if the hard drive is destroyed,
>>> you only have to brute force a 32-bit value, but an attacker has to brute
>>> force the salt and the passphrase simultaneously which is unfeasible even
>>> if the passphrase only has 40-bit entropy.

Eric Rescorla wrote:
>> Yeah, this is a good idea.

At 10:22 PM 1/3/99 -0600, Mike Rosing wrote:
>Make the salt something you have and the passphrase something you know.
>Seems to be the ideal solution. [...]
>The math is simple: private key = SHA(what you have||what you know)
>public key = (private key)*(public point) over the public curve. [...]

I like it too. Security based on something you have,
something you know ... and perhaps something they have.

Which brings to mind another opportunity for a plug.
When using password-authenticated DH (or ECDH if you prefer)
even with access to old network messages, and even when
the password/phrase has low entropy, it's still
not brute-forceable without getting both what you have *and*
what they have.

Here a stolen disk affords no opportunity to crack the
password, unless the public key is known too.
The extra benefit comes when the public key isn't advertised
to the world at large, but rather given out as needed,
which seems useful in persistent relationships.

-------------------------
David P. Jablon
Integrity Sciences, Inc.
dpj@world.std.com
<http://world.std.com/~dpj/>
+1 508 898 9024
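
An added example, not part of the original message or of any poster's code: a sketch of the X=SHA(salt||passphrase) scheme quoted above, showing the owner recovering a lost salt by enumeration and the work factors on each side. Assumptions: SHA-256 stands in for "SHA", a hash of X stands in for the public key as the value guesses are checked against, and the salt is shortened to 16 bits so the demo finishes quickly; all function names and sample values are constructed.

```python
import hashlib

SALT_BITS = 16  # the thread proposes 32; reduced here so the demo runs fast (assumption)


def derive_x(salt: int, passphrase: str, salt_bits: int = SALT_BITS) -> bytes:
    """X = SHA(salt || passphrase); SHA-256 is used in place of 'SHA'."""
    salt_bytes = salt.to_bytes((salt_bits + 7) // 8, "big")
    return hashlib.sha256(salt_bytes + passphrase.encode("utf-8")).digest()


def check_value(x: bytes) -> bytes:
    """Stand-in for the public key: a one-way function of X (assumption)."""
    return hashlib.sha256(b"public-key-stand-in" + x).digest()


def recover_salt(passphrase: str, published: bytes, salt_bits: int = SALT_BITS):
    """Owner's recovery after the disk is destroyed: passphrase is known,
    so only the salt space has to be enumerated. Returns None if no salt fits."""
    for guess in range(1 << salt_bits):
        if check_value(derive_x(guess, passphrase, salt_bits)) == published:
            return guess
    return None


def work_factors(salt_bits: int, passphrase_entropy_bits: int):
    """Worst-case guess counts: (owner who knows the passphrase,
    attacker who has neither the salt nor the passphrase)."""
    return 1 << salt_bits, 1 << (salt_bits + passphrase_entropy_bits)


if __name__ == "__main__":
    salt = 0xBEEF                      # constructed sample salt
    phrase = "constructed passphrase"  # constructed sample passphrase
    published = check_value(derive_x(salt, phrase))
    print("recovered salt:", hex(recover_salt(phrase, published)))
    owner, attacker = work_factors(32, 40)  # figures from the quoted proposal
    print(f"owner: 2^{owner.bit_length() - 1}, attacker: 2^{attacker.bit_length() - 1}")
```

Without the published check value there is nothing to test a guess against, which is the property the reply relies on when the public key is handed out only as needed.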



The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:02