From: mgraffam@idsi.net
To: Ulf Möller <ulf@fitug.de>
Message Hash: 805d03d9abb30b65f4b9d20c0f25dc262d672491cd87e7666a97c2728687b118
Message ID: <Pine.LNX.3.96.981028190420.19421D-100000@albert>
Reply To: <m0zYdlv-0003b7C@ulf.mali.sub.org>
UTC Datetime: 1998-10-29 01:21:07 UTC
Raw Date: Thu, 29 Oct 1998 09:21:07 +0800
Subject: Re: Using a password as a private key.

On Wed, 28 Oct 1998, Ulf Möller wrote:

> I don't like the idea though. You're giving everybody the chance to
> run a password guessing attack on your secret key.

That was my first objection too..

But the only thing stopping an attacker from running the same attack
on my PGP key is that they don't _have_ my PGP key.. a non-issue
for a dedicated attacker. My 1024 bit private key could be had fairly
easily, it would entail hacking my PC, or stealing.. whatever. Now
they run a password cracker.

In the case of the private key being generated from a passphrase, hacking
my PC, or stealing it, does them no good .. my private key isn't there ..
(ok, maybe it is.. data remanence is a pain in ass.. but you get the
point).

Lastly .. I am not too familiar with elliptic curve crypto, but it seems
to me that running a cracker on a phrase, and then generating the private
key from it or trying signatures is going to be more CPU intensive than
doing a few blocks of IDEA or CAST, so it would seem to follow that this
scheme is stronger in preventing an intelligent search of the passphrase.

Michael J. Graffam (mgraffam@idsi.net)
"..subordination of one sex to the other is wrong in itself, and now
one of the chief hindrances to human improvement.." John Stuart Mill
"The Subjection of Women"