From: ulf@fitug.de (Ulf =?iso-8859-1?Q?M=F6ller?=)
To: redrook@yahoo.com
Message Hash: ba2d62c61326d7a0f5abd39a7f14e851d2a7f539f60d04d01daf7eb416c8fb63
Message ID: <m0zYdlv-0003b7C@ulf.mali.sub.org>
Reply To: <19981027215307.3786.rocketmail@send1d.yahoomail.com>
UTC Datetime: 1998-10-29 00:02:38 UTC
Raw Date: Thu, 29 Oct 1998 08:02:38 +0800
From: ulf@fitug.de (Ulf =?iso-8859-1?Q?M=F6ller?=)
Date: Thu, 29 Oct 1998 08:02:38 +0800
To: redrook@yahoo.com
Subject: Re: Using a password as a private key.
In-Reply-To: <19981027215307.3786.rocketmail@send1d.yahoomail.com>
Message-ID: <m0zYdlv-0003b7C@ulf.mali.sub.org>
MIME-Version: 1.0
Content-Type: text/plain
>‚‚‚‚Assymetic crypto systems such as
>Diffie-Hellman, El-Gamel, and DSS, allow the private key to be a
>randomly chosen number. ‚But, as a cute hack, instead of using a
>random number, for the private key, you could use a hash of the User
>Name, and a password.
That has been proposed in the context of elliptic curve cryptography
where the keys don't need much entropy. I think George Barwood's
pegwit works that way.
I don't like the idea though. You're giving everybody the chance to
run a password guessing attack on your secret key.
Return to November 1998
Return to “ulf@fitug.de (Ulf =?iso-8859-1?Q?M=F6ller?=)”