[103277] in Cypherpunks
Re: ArcotSign (was Re: Does security depend on hardware?)
daemon@ATHENA.MIT.EDU (Mike Stay)
Tue Sep 22 15:01:18 1998
Date: Tue, 22 Sep 1998 12:42:27 -0600
From: Mike Stay <staym@accessdata.com>
To: mok-kong.shen@stud.uni-muenchen.de
CC: coderpunks@toad.com, cypherpunks@algebra.com, cyptography@c2.net
Reply-To: Mike Stay <staym@accessdata.com>
>>In that case please allow me to go back to a point raised by me
>>previously. The user uses his 'remembered secret' (of fewer bits)
>>through a public algorithm (including protocol) to retrieve from a
>>pool the password (of more bits). If the attacker doesn't have the
>>pool then everything looks fine. But if he manages to get the pool
>>(a case someone mentioned in this thread) then he can obviously
>>brute force offline, I believe, since he possesses now everything
>>the legitimate user has, excepting the 'remembered secret'. Or is
>>there anything wrong with my logic?
>
>Yes. There is something wrong with you logic.
>
>Bruce
>**********************************************************************
>Bruce Schneier, President, Counterpane Systems Phone: 612-823-1098
>101 E Minnehaha Parkway, Minneapolis, MN 55419 Fax: 612-823-1590
> Free crypto newsletter. See: http://www.counterpane.com
According to the website, there's no pool of passwords. There's a
truncated hash that will catch most mistakes, but is useless as a test
criterion in a dictionary attack. If you get the user's "public" key,
then you can do a dictionary attack. The user's "public" key isn't
public, however; not even the user knows it. If I'm understanding it
right, it's stored encrypted and the key is only given to a set of
predefined servers. Prior relationship must exist; they admit that.
--
Mike Stay
Cryptographer / Programmer
AccessData Corp.
mailto:staym@accessdata.com
