1998-09-22 - Re: ArcotSign (was Re: Does security depend on hardware?)

Header Data

From: Mok-Kong Shen <mok-kong.shen@stud.uni-muenchen.de>
To: Bruce Schneier <schneier@counterpane.com>
Message Hash: 0b50252a04de1b448868a42412c36f4fcf11435cdb175c0eba7f353f70714bf0
Message ID: <3607A04E.BE164E44@stud.uni-muenchen.de>
Reply To: <Pine.LNX.3.96.980921133001.20069A-100000@blackbox>
UTC Datetime: 1998-09-22 00:25:45 UTC
Raw Date: Tue, 22 Sep 1998 08:25:45 +0800

Raw message

From: Mok-Kong Shen <mok-kong.shen@stud.uni-muenchen.de>
Date: Tue, 22 Sep 1998 08:25:45 +0800
To: Bruce Schneier <schneier@counterpane.com>
Subject: Re: ArcotSign (was Re: Does security depend on hardware?)
In-Reply-To: <Pine.LNX.3.96.980921133001.20069A-100000@blackbox>
Message-ID: <3607A04E.BE164E44@stud.uni-muenchen.de>
MIME-Version: 1.0
Content-Type: text/plain



Bruce Schneier wrote:
> 
> >I suppose you misunderstood me. I mean the 'mathematical magic'
> >cannot be made public. (Or is 'online protocol' = 'mathematical magic'?)
> >If the 'magic' is public then the attacker with the pool of passwords
> >could brute force offline.
> 
> No.  You misunderstood me.  There is NOTHING secret except the key.
> The online protocol, mathematical magic, source code, algorithm details,
> and everything else can be made public.  There are no secrets in the
> system except for the keys.

In that case please allow me to go back to a point raised by me
previously. The user uses his 'remembered secret' (of fewer bits) 
through a public algorithm (including protocol) to retrieve from a 
pool the password (of more bits). If the attacker doesn't have the 
pool then everything looks fine. But if he manages to get the pool
(a case someone mentioned in this thread) then he can obviously
brute force offline, I believe, since he possesses now everything
the legitimate user has, excepting the 'remembered secret'. Or is
there anything wrong with my logic?

M. K. Shen
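
The argument above turns on whether a guess at the remembered secret can be checked using the pool alone. The following is an added illustration, not part of the original message and not ArcotSign's actual scheme: a hypothetical pool-entry format built with and without a stored check value. The function names, the entry layout and the 4-digit secret are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 50  # kept low so the demonstration runs quickly


def derive(secret: str, salt: bytes) -> tuple[bytes, bytes]:
    """Public algorithm: stretch the remembered secret into a mask and a MAC key."""
    out = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS, dklen=64)
    return out[:32], out[32:]


def make_entry(secret: str, password: bytes, with_check: bool) -> dict:
    """Build one hypothetical pool entry hiding a 32-byte password under the secret."""
    salt = secrets.token_bytes(16)
    mask, mac_key = derive(secret, salt)
    masked = bytes(p ^ m for p, m in zip(password, mask))
    tag = hmac.new(mac_key, masked, "sha256").digest() if with_check else None
    return {"salt": salt, "masked": masked, "tag": tag}


def open_entry(entry: dict, guess: str):
    """Return the recovered password, or None if the entry's check rejects the guess."""
    mask, mac_key = derive(guess, entry["salt"])
    if entry["tag"] is not None:
        expected = hmac.new(mac_key, entry["masked"], "sha256").digest()
        if not hmac.compare_digest(expected, entry["tag"]):
            return None
    return bytes(c ^ m for c, m in zip(entry["masked"], mask))


def offline_survivors(entry: dict, space) -> list:
    """Guesses that cannot be ruled out using only the pool entry."""
    return [g for g in space if open_entry(entry, g) is not None]


PIN_SPACE = [f"{n:04d}" for n in range(10_000)]  # constructed: 4-digit secret

if __name__ == "__main__":
    password = secrets.token_bytes(32)  # constructed "password of more bits"
    for with_check in (True, False):
        entry = make_entry("4821", password, with_check)
        left = offline_survivors(entry, PIN_SPACE)
        print(f"check stored={with_check}: {len(left)} guesses survive offline")
```

With the check value stored, the pool entry alone narrows the 10,000 candidates to one; without it, every guess yields a different 32-byte candidate and none can be ruled out without some external test.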




