1998-10-30 - Re: don’t use passwords as private keys (was Re: Using a password as a private key.)
Header Data
From: RedRook <redrook@yahoo.com>
To: bill.stewart@pobox.com
Message Hash: 7cd2d92b09ed8db378b56b147f8a494c4681bc1d05c1e034ca1537fe00c10749
Message ID: <19981029221752.26488.rocketmail@send102.yahoomail.com>
Reply To: N/A
UTC Datetime: 1998-10-30 09:17:59 UTC
Raw Date: Fri, 30 Oct 1998 17:17:59 +0800
Raw message
From: RedRook <redrook@yahoo.com>
Date: Fri, 30 Oct 1998 17:17:59 +0800
To: bill.stewart@pobox.com
Subject: Re: don't use passwords as private keys (was Re: Using a password as a private key.)
Message-ID: <19981029221752.26488.rocketmail@send102.yahoomail.com>
MIME-Version: 1.0
Content-Type: text/plain
You don't know you have to destroy a key file, until it is too late.
Until then, it's just laying around waiting for some one to copy and
crack. If you are paranoid enough to assume your opponent is going to
torcher you to get your signature password, you should assume that he
already has your keyfile, and is willing to torcher you to get it's
password.
Thus coercion and dicitonary attacks are moot points. That is, if your
password is good enough.
So, what's worse; guarding a high entopy password with a low entropy
password, or trying to memorize a high entropy password?
Harv
Adam Back <aba@dcs.ex.ac.uk> wrote:
>
>
> Some people have been talking about using passwords as private keys.
> (By using the passphrase as seed material for regenerating the private
> and public key).
>
> I don't think this is a good idea.
>
> You can't forget passphrases. You can destroy private key files.
>
> Therefore you open yourself up to coercion, and forward secrecy is not
> possbile with these schemes. This means it is less secure.
>
> The other reason it is less secure others commented on: you provide an
> open target for dictionary attacks. I wouldn't want to do that, even
> with high entropy passphrase, it loses one important line of defense:
> unavailability of private key file.
>
> Adam
>
_________________________________________________________
DO YOU YAHOO!?
Get your free @yahoo.com address at http://mail.yahoo.com
Thread
- Return to October 1998
Return to November 1998
- Return to “Adam Back <aba@dcs.ex.ac.uk>”
- Return to “Anonymous <nobody@replay.com>”
- Return to “Bill Stewart <bill.stewart@pobox.com>”
- Return to ““Blanc” <blancw@cnw.com>”
- Return to “Dave Emery <die@die.com>”
- Return to “Duncan Frissell <frissell@panix.com>”
- Return to “John Young <jya@pipeline.com>”
- Return to “Lucky Green <shamrock@cypherpunks.to>”
- Return to ““Lynne L. Harrison” <lharrison@dueprocess.com>”
- Return to “Petro <petro@playboy.com>”
- Return to “RedRook <redrook@yahoo.com>”
- Return to “Steve Schear <schear@lvcm.com>”
Return to “Tim May <tcmay@got.net>”
- 1998-10-30 (Fri, 30 Oct 1998 17:17:59 +0800) - Re: don’t use passwords as private keys (was Re: Using a password as a private key.) - RedRook <redrook@yahoo.com>
- 1998-10-30 (Sat, 31 Oct 1998 00:13:41 +0800) - Re: don’t use passwords as private keys (was Re: Using a password as a private key.) - Adam Back <aba@dcs.ex.ac.uk>
- 1998-10-31 (Sun, 1 Nov 1998 07:12:11 +0800) - Re: don’t use passwords as private keys (was Re: Using a password as a private key.) - Steve Schear <schear@lvcm.com>
- 1998-11-01 (Sun, 1 Nov 1998 12:59:08 +0800) - TEMPEST laptops - Tim May <tcmay@got.net>
- 1998-11-01 (Mon, 2 Nov 1998 02:28:45 +0800) - Re: TEMPEST laptops - Tim May <tcmay@got.net>
- 1998-11-02 (Mon, 2 Nov 1998 10:39:27 +0800) - Re: TEMPEST laptops - Tim May <tcmay@got.net>
- 1998-11-04 (Thu, 5 Nov 1998 03:15:17 +0800) - Quick, Dear – Beat Me - Duncan Frissell <frissell@panix.com>
- 1998-11-05 (Thu, 5 Nov 1998 13:48:25 +0800) - RE: Quick, Dear – Beat Me - “Blanc” <blancw@cnw.com>
- 1998-11-07 (Sat, 7 Nov 1998 08:55:24 +0800) - RE: Quick, Dear – Beat Me - “Lynne L. Harrison” <lharrison@dueprocess.com>
- 1998-11-05 (Fri, 6 Nov 1998 01:30:16 +0800) - RE: Quick, Dear – Beat Me - Petro <petro@playboy.com>
- 1998-11-05 (Thu, 5 Nov 1998 13:48:25 +0800) - RE: Quick, Dear – Beat Me - “Blanc” <blancw@cnw.com>
- 1998-11-05 (Thu, 5 Nov 1998 14:04:53 +0800) - Re: TEMPEST laptops - Tim May <tcmay@got.net>
- 1998-11-04 (Thu, 5 Nov 1998 03:15:17 +0800) - Quick, Dear – Beat Me - Duncan Frissell <frissell@panix.com>
- 1998-11-02 (Mon, 2 Nov 1998 10:39:27 +0800) - Re: TEMPEST laptops - Tim May <tcmay@got.net>
- 1998-11-01 (Mon, 2 Nov 1998 05:14:26 +0800) - Re: TEMPEST laptops - Dave Emery <die@die.com>
- 1998-11-04 (Thu, 5 Nov 1998 01:52:57 +0800) - Re: TEMPEST laptops - Petro <petro@playboy.com>
- 1998-11-01 (Mon, 2 Nov 1998 02:28:45 +0800) - Re: TEMPEST laptops - Tim May <tcmay@got.net>
- 1998-11-01 (Sun, 1 Nov 1998 12:59:08 +0800) - TEMPEST laptops - Tim May <tcmay@got.net>
- 1998-10-31 (Sun, 1 Nov 1998 07:12:11 +0800) - Re: don’t use passwords as private keys (was Re: Using a password as a private key.) - Steve Schear <schear@lvcm.com>
- 1998-10-31 (Sat, 31 Oct 1998 12:39:52 +0800) - Re: don’t use passwords as private keys (was Re: Using a password as a private key.) - Bill Stewart <bill.stewart@pobox.com>
- 1998-11-01 (Sun, 1 Nov 1998 08:23:00 +0800) - Re: don’t use passwords as private keys (was Re: Using a password as a private key.) - John Young <jya@pipeline.com>
- 1998-11-01 (Sun, 1 Nov 1998 21:14:19 +0800) - Re: TEMPEST laptops - John Young <jya@pipeline.com>
- 1998-11-01 (Mon, 2 Nov 1998 06:57:53 +0800) - Re: TEMPEST laptops - Bill Stewart <bill.stewart@pobox.com>
- 1998-11-02 (Mon, 2 Nov 1998 10:01:42 +0800) - Re: TEMPEST laptops - Lucky Green <shamrock@cypherpunks.to>
- 1998-11-02 (Mon, 2 Nov 1998 23:15:49 +0800) - Re: TEMPEST laptops - Tim May <tcmay@got.net>
- 1998-11-06 (Sat, 7 Nov 1998 02:23:18 +0800) - Re: don’t use passwords as private keys (was Re: Using a password as a private key.) - Anonymous <nobody@replay.com>
- 1998-11-01 (Sun, 1 Nov 1998 08:23:00 +0800) - Re: don’t use passwords as private keys (was Re: Using a password as a private key.) - John Young <jya@pipeline.com>
- 1998-10-30 (Sat, 31 Oct 1998 00:13:41 +0800) - Re: don’t use passwords as private keys (was Re: Using a password as a private key.) - Adam Back <aba@dcs.ex.ac.uk>