1998-10-30 - Re: don’t use passwords as private keys (was Re: Using a password as a private key.)

Header Data

From: Adam Back <aba@dcs.ex.ac.uk>
To: redrook@yahoo.com
Message Hash: 1946dbf7124ae935104f842edace77e0ec9d9b7c6c9f2c49154e4ddfab5a0677
Message ID: <199810301443.OAA06479@server.eternity.org>
Reply To: <19981029221752.26488.rocketmail@send102.yahoomail.com>
UTC Datetime: 1998-10-30 16:13:41 UTC
Raw Date: Sat, 31 Oct 1998 00:13:41 +0800

Raw message

From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sat, 31 Oct 1998 00:13:41 +0800
To: redrook@yahoo.com
Subject: Re: don't use passwords as private keys (was Re: Using a password as a private key.)
In-Reply-To: <19981029221752.26488.rocketmail@send102.yahoomail.com>
Message-ID: <199810301443.OAA06479@server.eternity.org>
MIME-Version: 1.0
Content-Type: text/plain




Harv "RedRook" (is that Harvey Rook?) writes:
> You don't know you have to destroy a key file, until it is too late.

Sooo.  What does this imply you should do?  Destroy your key file on a
regular basis :-)

eg. this key:

pub  2048/2E17753D 1998/10/04 Adam Back <aba@dcs.ex.ac.uk> (FS key, Oct 98)

will be destroyed tomorrow ("FS" = Forward Secrecy), the key is my
forward secret key for October.  And this one was destroyed at the end
of last month:

pub  2048/xxxxxxxx 1998/09/01 Adam Back <aba@dcs.ex.ac.uk> (FS key, Nov 98)

etc.

This means that if someone were (say like GCHQ or ECHELON) were to be
archiving my email, and later develop an interest in reading it, they
would be out of luck.  And I wouldn't be able to help them if I wanted
to.

> Until then, it's just laying around waiting for some one to copy and
> crack. If you are paranoid enough to assume your opponent is going to
> torcher you to get your signature password, you should assume that he
> already has your keyfile, and is willing to torcher you to get it's
> password.

Forward secrecy means that only the current key file is vulnerable.

> Thus coercion and dicitonary attacks are moot points. That is, if your
> password is good enough.

Your passphrase might not be as secure as you think it is.  The sound
of you typing it whilst on the phone, or the RF noise emitted by the
keyboard controller chip may completely or partially leak it.

Adam

Thread

• Return to October 1998

• Return to November 1998

• Return to “Adam Back <aba@dcs.ex.ac.uk>”
• Return to “Anonymous <nobody@replay.com>”
• Return to “Bill Stewart <bill.stewart@pobox.com>”
• Return to ““Blanc” <blancw@cnw.com>”
• Return to “Dave Emery <die@die.com>”
• Return to “Duncan Frissell <frissell@panix.com>”
• Return to “John Young <jya@pipeline.com>”
• Return to “Lucky Green <shamrock@cypherpunks.to>”
• Return to ““Lynne L. Harrison” <lharrison@dueprocess.com>”
• Return to “Petro <petro@playboy.com>”
• Return to “RedRook <redrook@yahoo.com>”
• Return to “Steve Schear <schear@lvcm.com>”

• Return to “Tim May <tcmay@got.net>”

• 1998-10-30 (Fri, 30 Oct 1998 17:17:59 +0800) - Re: don’t use passwords as private keys (was Re: Using a password as a private key.) - RedRook <redrook@yahoo.com>
  • 1998-10-30 (Sat, 31 Oct 1998 00:13:41 +0800) - Re: don’t use passwords as private keys (was Re: Using a password as a private key.) - Adam Back <aba@dcs.ex.ac.uk>
    • 1998-10-31 (Sun, 1 Nov 1998 07:12:11 +0800) - Re: don’t use passwords as private keys (was Re: Using a password as a private key.) - Steve Schear <schear@lvcm.com>
      • 1998-11-01 (Sun, 1 Nov 1998 12:59:08 +0800) - TEMPEST laptops - Tim May <tcmay@got.net>
        • 1998-11-01 (Mon, 2 Nov 1998 02:28:45 +0800) - Re: TEMPEST laptops - Tim May <tcmay@got.net>
          • 1998-11-02 (Mon, 2 Nov 1998 10:39:27 +0800) - Re: TEMPEST laptops - Tim May <tcmay@got.net>
            • 1998-11-04 (Thu, 5 Nov 1998 03:15:17 +0800) - Quick, Dear – Beat Me - Duncan Frissell <frissell@panix.com>
              • 1998-11-05 (Thu, 5 Nov 1998 13:48:25 +0800) - RE: Quick, Dear – Beat Me - “Blanc” <blancw@cnw.com>
                • 1998-11-07 (Sat, 7 Nov 1998 08:55:24 +0800) - RE: Quick, Dear – Beat Me - “Lynne L. Harrison” <lharrison@dueprocess.com>
              • 1998-11-05 (Fri, 6 Nov 1998 01:30:16 +0800) - RE: Quick, Dear – Beat Me - Petro <petro@playboy.com>
            • 1998-11-05 (Thu, 5 Nov 1998 14:04:53 +0800) - Re: TEMPEST laptops - Tim May <tcmay@got.net>
        • 1998-11-01 (Mon, 2 Nov 1998 05:14:26 +0800) - Re: TEMPEST laptops - Dave Emery <die@die.com>
          • 1998-11-04 (Thu, 5 Nov 1998 01:52:57 +0800) - Re: TEMPEST laptops - Petro <petro@playboy.com>
  • 1998-10-31 (Sat, 31 Oct 1998 12:39:52 +0800) - Re: don’t use passwords as private keys (was Re: Using a password as a private key.) - Bill Stewart <bill.stewart@pobox.com>
    • 1998-11-01 (Sun, 1 Nov 1998 08:23:00 +0800) - Re: don’t use passwords as private keys (was Re: Using a password as a private key.) - John Young <jya@pipeline.com>
      • 1998-11-01 (Sun, 1 Nov 1998 21:14:19 +0800) - Re: TEMPEST laptops - John Young <jya@pipeline.com>
      • 1998-11-01 (Mon, 2 Nov 1998 06:57:53 +0800) - Re: TEMPEST laptops - Bill Stewart <bill.stewart@pobox.com>
        • 1998-11-02 (Mon, 2 Nov 1998 10:01:42 +0800) - Re: TEMPEST laptops - Lucky Green <shamrock@cypherpunks.to>
        • 1998-11-02 (Mon, 2 Nov 1998 23:15:49 +0800) - Re: TEMPEST laptops - Tim May <tcmay@got.net>
      • 1998-11-06 (Sat, 7 Nov 1998 02:23:18 +0800) - Re: don’t use passwords as private keys (was Re: Using a password as a private key.) - Anonymous <nobody@replay.com>