[10321] in cryptography@c2.net mail archive
Re: Cringely Gives KnowNow Some Unbelievable Free Press... (fwd)
daemon@ATHENA.MIT.EDU (Ben Laurie)
Tue Jan 29 16:36:32 2002
Message-ID: <3C56BF30.DB99AE98@algroup.co.uk>
Date: Tue, 29 Jan 2002 15:26:40 +0000
From: Ben Laurie <ben@algroup.co.uk>
MIME-Version: 1.0
To: EKR <ekr@rtfm.com>
Cc: Enzo Michelangeli <em@em.no-ip.com>,
Eugene Leitl <Eugene.Leitl@lrz.uni-muenchen.de>,
Cryptography List <cryptography@wasabisystems.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Eric Rescorla wrote:
>
> "Enzo Michelangeli" <em@who.net> writes:
>
> > ----- Original Message -----
> > From: "Eric Rescorla" <ekr@rtfm.com>
> > To: "Eugene Leitl" <Eugene.Leitl@lrz.uni-muenchen.de>
> > Sent: Monday, 28 January, 2002 6:33 AM
> >
> > [...]
> > > If you want to see EC used you need to describe a specific algorithm
> > > which has the following three properties:
> > >
> > > (1) widely agreed to be unencumbered, particularly by the big players.
> > > [extra points if you're willing to indemnify]
> > > (2) significantly better than RSA (this generally means faster)
> > > (3) has seen a significant amount of analysis so that we can have
> > > some reasonable confidence it's secure.
> > >
> > > Until someone does that, the cost of information in choosing an
> > > EC algorithm is simply too high to justify replacing RSA in
> > > most applications.
> >
> > Well, a nice characteristic that RSA doesn't have is the ability of using as
> > secret key a hash of the passphrase, which avoids the need of a secret
> > keyring and the relative vulnerability to dictionary attacks. See e.g. the
> > Pegwit application, which, in its version 9
> I don't know exactly what Pegwit does, but most of these schemes
> are still vulnerable to dictionary attacks by trying arbitrary
> passphrases and seeing if they generate the correct public key.
> It's of course slower since the test operation is slower.

If you want to slow down test operations, then iteration is good.

BTW, I don't see why using a passphrase to a key makes you vulnerable to
a dictionary attack (like, you really are going to have a dictionary of
all possible 1024 bit keys crossed with all the possible passphrases?
Sure!).

Cheers,

Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
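
The test Eric Rescorla describes (derive a public key from a candidate passphrase and compare it with the published one) together with the iteration Ben Laurie suggests, as an added example that is not part of the original thread and is not Pegwit's code. It assumes PBKDF2-HMAC-SHA256 as the iterated hash, a constructed public salt, and modular exponentiation modulo 2^255 - 19 standing in for the elliptic-curve operation; all function names are hypothetical.

```python
import hashlib
import time

# Assumptions (not from the thread): PBKDF2-HMAC-SHA256 is the iterated hash,
# and g^x mod p stands in for the elliptic-curve scalar multiplication.
P = 2**255 - 19                      # prime modulus, illustration only
G = 2
SALT = b"user@example.org"           # constructed; public, e.g. the key owner's address


def secret_from_passphrase(passphrase: str, iterations: int) -> int:
    """Derive the secret exponent directly from the passphrase (no keyring)."""
    raw = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), SALT, iterations)
    return int.from_bytes(raw, "big") % (P - 1)


def public_key(passphrase: str, iterations: int) -> int:
    """Public value that would be published for this passphrase."""
    return pow(G, secret_from_passphrase(passphrase, iterations), P)


def passphrase_in_wordlist(target_public: int, wordlist, iterations: int):
    """Audit check: a guess is tested against nothing but the published key."""
    for candidate in wordlist:
        if public_key(candidate, iterations) == target_public:
            return candidate
    return None


def seconds_per_guess(iterations: int, samples: int = 5) -> float:
    """Measured cost of one derive-and-compare test at this iteration count."""
    start = time.perf_counter()
    for i in range(samples):
        public_key(f"probe-{i}", iterations)
    return (time.perf_counter() - start) / samples


if __name__ == "__main__":
    wordlist = ["letmein", "password1", "correct horse"]   # constructed sample
    for iterations in (1, 100_000):
        weak = public_key("password1", iterations)
        strong = public_key("x9#Lq-unlisted-phrase-77", iterations)
        print(iterations,
              passphrase_in_wordlist(weak, wordlist, iterations),
              passphrase_in_wordlist(strong, wordlist, iterations),
              f"{seconds_per_guess(iterations):.6f} s/guess")
```

Raising the iteration count multiplies the cost of every guess, but a passphrase that appears in the wordlist is still matched; only a passphrase outside the guessable set returns `None`.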