[7543] in cryptography@c2.net mail archive


Re: Weak user keys, strong servers.

daemon@ATHENA.MIT.EDU (James A. Donald)
Sun Jul 23 13:40:22 2000

Message-Id: <4.3.1.2.20000723084258.02380a20@shell11.ba.best.com>
Date: Sun, 23 Jul 2000 08:50:01 -0700
To: hal@finney.org, coderpunks@toad.com, cryptography@c2.net,
        jamesd@echeque.com
From: "James A. Donald" <jamesd@echeque.com>
Cc: daw@CS.Berkeley.EDU, dpj@world.std.com
In-Reply-To: <200007221915.MAA06829@finney.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed

     --
At 12:15 PM 7/22/2000 -0700, hal@finney.org wrote:
 > You could have a slightly simpler system by just letting G^q be the
 > user's public key,

Which gives the server unlimited power to read the user's mail and 
impersonate the user, even if the user is using a high entropy passphrase.

 > It's a little unclear what your security model is, whether the
 > client is trusted or not.

That is because I am looking for both belt and braces to keep the user's 
pants up.

I want a system that is invulnerable to outsiders who have no knowledge of 
the passphrase and infrequent and limited access to the user's machine and 
no power over the server, even if the user chooses a weak passphrase, and a 
system that is also invulnerable to outsiders with power over the server if 
the user chooses a strong passphrase and they have no access to the user's 
machine.

     --digsig
          James A. Donald
      6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
      fBygsLvIO8PYdMDoivJRJg6J1OvIXDR+USrBa0Ou
      4HRCExGCubrGiwhyIUJmf2QkOYOTYuvZsh/AXJjyA
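The two requirements stated at the end of the message (a weak passphrase must survive an outsider who has no power over the server; a strong passphrase must survive an outsider who controls the server) can both be met by deriving the user's key from two inputs, one that only the user knows and one that only the server holds and releases under rate limiting. What follows is an added example written for this archive page, not the design under discussion in the thread and not Hal's G^q proposal; it is one split-key construction that satisfies the stated model. Everything in it is assumed: Python standard library only, PBKDF2 as the passphrase stretch, HMAC as the combiner, and the names KeyServer, split_passphrase, combine, MAX_FAILURES and the attacker functions are all mine.

```python
"""Split-key sketch (added example, not code from the thread).

The user's signing-key seed is a function of two values: a part derived from
the passphrase, which is never sent anywhere, and a random high-entropy
secret held by the server, which the server releases only to a caller who
presents the right passphrase proof, and only while the account is not locked.
"""
import hashlib
import hmac
import os

KDF_ITERATIONS = 20_000   # assumption: kept low so the example runs quickly
MAX_FAILURES = 5          # assumption: online guessing budget the server enforces


def split_passphrase(passphrase, salt):
    """Stretch the passphrase once, then derive two unrelated one-way values:
    an auth token the client shows the server, and a key part it never sends.
    Holding the auth token does not reveal the key part."""
    stretched = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, KDF_ITERATIONS)
    auth_token = hashlib.sha256(b"auth|" + stretched).digest()
    key_part = hashlib.sha256(b"key|" + stretched).digest()
    return auth_token, key_part


def combine(server_secret, key_part):
    """Signing-key seed: needs the server's secret AND the passphrase-derived
    key part. Either one alone yields nothing."""
    return hmac.new(server_secret, key_part, hashlib.sha256).digest()


class KeyServer:
    """Per user: a public salt, the auth token, a random secret, a failure
    counter. The secret goes out only against a correct auth token."""

    def __init__(self):
        self.accounts = {}

    def enroll(self, user, salt, auth_token):
        self.accounts[user] = {"salt": salt, "auth": auth_token,
                               "secret": os.urandom(32), "failures": 0}

    def salt_for(self, user):
        return self.accounts[user]["salt"]   # not secret; anyone may ask

    def release_secret(self, user, auth_token):
        acct = self.accounts[user]
        if acct["failures"] >= MAX_FAILURES:
            raise PermissionError("account locked")
        if not hmac.compare_digest(acct["auth"], auth_token):
            acct["failures"] += 1
            raise PermissionError("wrong passphrase proof")
        acct["failures"] = 0
        return acct["secret"]


def enroll_user(server, user, passphrase):
    salt = os.urandom(16)
    auth_token, _ = split_passphrase(passphrase, salt)
    server.enroll(user, salt, auth_token)


def derive_user_key(server, user, passphrase):
    """Legitimate path: prove the passphrase, get the secret, combine."""
    auth_token, key_part = split_passphrase(passphrase, server.salt_for(user))
    return combine(server.release_secret(user, auth_token), key_part)


def online_guessing(server, user, guesses):
    """Outsider with no power over the server: every guess is a round trip,
    and the server stops answering after MAX_FAILURES failures, so even a
    weak passphrase is only exposed to a handful of tries."""
    for guess in guesses:
        try:
            return derive_user_key(server, user, guess)
        except PermissionError:
            continue
    return None


def offline_with_server_data(acct, guesses):
    """Outsider who controls the server: has salt, auth token and secret, so
    can test guesses offline at KDF cost. This is exactly the case the
    passphrase strength has to carry on its own."""
    for guess in guesses:
        auth_token, key_part = split_passphrase(guess, acct["salt"])
        if hmac.compare_digest(auth_token, acct["auth"]):
            return combine(acct["secret"], key_part)
    return None
```

The construction gives the outsider without server power nothing to attack offline, since the server's secret is required to form the key and the server will not release it past the failure budget; the outsider who owns the server gets an offline target (the auth token) but not the key part, so the key falls only if the passphrase is guessable, which is the same boundary the message draws. Server compromise together with a weak passphrase is outside both stated requirements and is broken here as well, as offline_with_server_data shows.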


