1998-10-30 - don’t use passwords as private keys (was Re: Using a password as a private key.)

Header Data

From: Adam Back <aba@dcs.ex.ac.uk>
To: bill.stewart@pobox.com
Message Hash: 9767f0ea29358398027c809afc062489fb4c1718a80240eeacc6ca829351a0ae
Message ID: <199810292120.VAA01702@server.eternity.org>
Reply To: <3.0.5.32.19981028012129.008334d0@idiom.com>
UTC Datetime: 1998-10-30 09:21:50 UTC
Raw Date: Fri, 30 Oct 1998 17:21:50 +0800

Raw message

From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 30 Oct 1998 17:21:50 +0800
To: bill.stewart@pobox.com
Subject: don't use passwords as private keys (was Re: Using a password as a private key.)
In-Reply-To: <3.0.5.32.19981028012129.008334d0@idiom.com>
Message-ID: <199810292120.VAA01702@server.eternity.org>
MIME-Version: 1.0
Content-Type: text/plain




Some people have been talking about using passwords as private keys.
(By using the passphrase as seed material for regenerating the private
and public key).

I don't think this is a good idea.

You can't forget passphrases.  You can destroy private key files.

Therefore you open yourself up to coercion, and forward secrecy is not
possible with these schemes.  This means it is less secure.

The other reason it is less secure others commented on: you provide an
open target for dictionary attacks.  I wouldn't want to do that, even
with high entropy passphrase, it loses one important line of defense:
unavailability of private key file.

Adam
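
The two points in the message above, shown side by side as an added example (not part of the original message): with a passphrase-derived key the public key alone confirms a passphrase guess, while with a random key kept in a passphrase-wrapped file it does not, and the key is unrecoverable once the file is destroyed. The toy group parameters, the fixed salt, the XOR wrapping and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy discrete-log group, for illustration only (not a vetted parameter set).
P = 2**255 - 19
G = 2
ITERATIONS = 10_000  # kept low so the example runs quickly

def stretch(passphrase: str, salt: bytes) -> int:
    digest = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS)
    return int.from_bytes(digest, "big")

def public_of(private: int) -> int:
    return pow(G, private, P)

def derived_keypair(passphrase: str):
    """Scheme the message argues against: the passphrase is the seed."""
    private = stretch(passphrase, b"fixed-scheme-salt") % (P - 1)
    return private, public_of(private)

def public_confirms_guess(guess: str, public: int) -> bool:
    """True if the public key alone confirms a passphrase guess offline."""
    return derived_keypair(guess)[1] == public

def random_keypair_with_file(passphrase: str):
    """Conventional scheme: random key, stored wrapped under the passphrase."""
    private = secrets.randbelow(P - 2) + 1
    salt = secrets.token_bytes(16)
    key_file = (salt, private ^ stretch(passphrase, salt))  # toy XOR wrapping
    return key_file, public_of(private)

def unwrap(key_file, passphrase: str) -> int:
    salt, wrapped = key_file
    return wrapped ^ stretch(passphrase, salt)

if __name__ == "__main__":
    phrase = "correct horse battery staple"  # constructed sample passphrase
    _, derived_pub = derived_keypair(phrase)
    print("derived: public key confirms guess:", public_confirms_guess(phrase, derived_pub))
    key_file, random_pub = random_keypair_with_file(phrase)
    print("random:  public key confirms guess:", public_confirms_guess(phrase, random_pub))
    print("random:  file + passphrase recover key:",
          public_of(unwrap(key_file, phrase)) == random_pub)
    del key_file  # once the file is destroyed, the passphrase recovers nothing
```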




