1998-09-22 - Re: ArcotSign (was Re: Does security depend on hardware?)

Header Data

From: Ben Laurie <ben@algroup.co.uk>
To: Bruce Schneier <schneier@counterpane.com>
Message Hash: d56b2caaba2768777773b42c4b97b2b8ca2a895ffaa9a706f550b12a057325f8
Message ID: <3607B318.BC911171@algroup.co.uk>
Reply To: <Pine.LNX.3.96.980921133001.20069A-100000@blackbox>
UTC Datetime: 1998-09-22 01:24:22 UTC
Raw Date: Tue, 22 Sep 1998 09:24:22 +0800

Raw message

From: Ben Laurie <ben@algroup.co.uk>
Date: Tue, 22 Sep 1998 09:24:22 +0800
To: Bruce Schneier <schneier@counterpane.com>
Subject: Re: ArcotSign (was Re: Does security depend on hardware?)
In-Reply-To: <Pine.LNX.3.96.980921133001.20069A-100000@blackbox>
Message-ID: <3607B318.BC911171@algroup.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



Bruce Schneier wrote:
> >(I suppose the 'remembered secret' has less bits then the 'password'
> >that is to be retrieved from the pool of millions with the
> >'mathematical magic'). So the advantages of the scheme appear to
> >remain unclear as a matter of principle.
> 
> The advantages are that offline password guessing is impossible.

The 'I' word always makes me nervous - do you really mean that, or do
you just mean "very difficult"?

Cheers,

Ben.

-- 
Ben Laurie            |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd,     |Apache-SSL author     http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache/

WE'RE RECRUITING! http://www.aldigital.co.uk/





Thread