
List:       cryptography
Subject:    Re: Strengthening the Passphrase Model
From:       David Jablon <dpj () world ! std ! com>
Date:       1999-03-18 17:30:12

At 01:03 AM 3/18/99 GMT, Ian Goldberg wrote:
> In article <v03130300b2e74ce2cecc@[24.128.119.92]>,
> Arnold G. Reinhold <reinhold@world.std.com> wrote:
>>>> 2. PGP should burn computer time hashing the passphrase. While you cannot
>>>> increase the entropy of a passphrase with an algorithm, ...

But, you can increase the entropy of a passphrase-derived
session key with a key amplifier.  In a better situation,
this might help.

>> At 7:47 AM +0000 2/10/99, Antonomasia wrote:
>>>> From memory, Rivest and Wagner have a paper on crypto time locks [...]
Arnold:
>> ... I don't see how it applies here.  Finding a passphrase by
>> exhaustive search is an inherently parallel problem.
Ian:
> Indeed; the more appropriate paper to read is "Secure Applications of
> Low-Entropy Keys." John Kelsey, Bruce Schneier, and David Wagner. 1997
> Information Security Workshop. ...

Stretching partially deters attack on stored data.
What you really want is to move your sensitive
password-derived data to a safer place.

And if you can't find that one perfect spot,
how about splitting the password-encrypted key,
keeping part on some hopefully-secure and available server,
and part locally?  Then no one compromise permits
exhaustive search.

-- dpj
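
The split described in the message above, as an added example that is not part of the original post: a passphrase-wrapped key is XOR-shared into a local part and a server part, so a thief holding either part alone has nothing to check passphrase guesses against. The wrapping is a simplified standard-library stand-in (PBKDF2 pad plus HMAC tag), not PGP's format; all function names and the iteration count are assumptions, and how the server authenticates a client before releasing its share is out of scope.

```python
import hashlib, hmac, secrets

ITERATIONS = 100_000  # stretching cost; assumed value, tune per platform

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _keys(passphrase: str, salt: bytes, n: int):
    # Stretch the passphrase into an n-byte pad plus a 32-byte MAC key.
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                             ITERATIONS, dklen=n + 32)
    return km[:n], km[n:]

def wrap(secret_key: bytes, passphrase: str, salt: bytes) -> bytes:
    # Simplified encrypt-then-MAC stand-in for a real key-wrapping format.
    pad, mac_key = _keys(passphrase, salt, len(secret_key))
    ct = xor(secret_key, pad)
    return ct + hmac.new(mac_key, ct, "sha256").digest()

def unwrap(blob: bytes, passphrase: str, salt: bytes):
    # Returns the key, or None when the tag fails (wrong guess or partial data).
    ct, tag = blob[:-32], blob[-32:]
    pad, mac_key = _keys(passphrase, salt, len(ct))
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, "sha256").digest()):
        return None
    return xor(ct, pad)

def split(blob: bytes):
    # XOR sharing: each share alone is uniformly random, so it gives an
    # attacker nothing to test passphrase guesses against.
    local = secrets.token_bytes(len(blob))
    return local, xor(blob, local)

def combine(local: bytes, server: bytes) -> bytes:
    return xor(local, server)

if __name__ == "__main__":
    salt = secrets.token_bytes(16)
    key = secrets.token_bytes(32)  # constructed sample private key
    local, server = split(wrap(key, "correct horse", salt))
    print(unwrap(combine(local, server), "correct horse", salt) == key)
    print(unwrap(local, "correct horse", salt))  # one share only
```

With only one share, even the correct passphrase fails the tag check, so the stretching cost is no longer the only barrier to offline search.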
