[103240] in Cypherpunks
Re: ArcotSign (was Re: Does security depend on hardware?)
daemon@ATHENA.MIT.EDU (Ben Laurie)
Tue Sep 22 10:39:24 1998
Date: Tue, 22 Sep 1998 15:24:24 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: Bruce Schneier <schneier@counterpane.com>
CC: Mok-Kong Shen <mok-kong.shen@stud.uni-muenchen.de>, cryptography@c2.net,
cypherpunks@algebra.com, coderpunks@toad.com
Reply-To: Ben Laurie <ben@algroup.co.uk>
Bruce Schneier wrote:
> >(I suppose the 'remembered secret' has less bits then the 'password'
> >that is to be retrieved from the pool of millions with the
> >'mathematical magic'). So the advantages of the scheme appear to
> >remain unclear as a matter of principle.
>
> The advantages are that offline password guessing is impossible.
The 'I' word always makes me nervous - do you really mean that, or do
you just mean "very difficult"?
Cheers,
Ben.
--
Ben Laurie |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant |Fax: +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd, |Apache-SSL author http://www.apache-ssl.org/
London, England. |"Apache: TDG" http://www.ora.com/catalog/apache/
WE'RE RECRUITING! http://www.aldigital.co.uk/
