[8245] in cryptography@c2.net mail archive


Re: migration paradigm (was: Is PGP broken?)

daemon@ATHENA.MIT.EDU (Paul Crowley)
Sun Dec 10 04:56:19 2000

To: Rick Smith at Secure Computing <rick_smith@securecomputing.com>
Cc: Peter Fairbrother <peter.fairbrother@ntlworld.com>,
        Ray Dillinger <bear@sonic.net>,
        "Arnold G. Reinhold" <reinhold@world.std.com>, <cryptography@c2.net>,
        William Allen Simpson <wsimpson@greendragon.com>
From: Paul Crowley <paul@cluefactory.org.uk>
Date: 10 Dec 2000 05:07:29 +0000
In-Reply-To: Rick Smith's message of "Thu, 07 Dec 2000 15:35:14 -0600"
Message-ID: <878zpolv8u.fsf@hedonism.subnet.hedonism.cluefactory.org.uk>

Rick Smith at Secure Computing <rick_smith@securecomputing.com> writes:
> Now, just how do we intend to address such concerns in our memory-based 
> authentication systems? Our whole technology for using memorized secrets is 
> built on the belief that people will remember and recite these secrets 
> perfectly. Some applications could take more of a 'biometric pattern 
> matching' strategy that measures the distance between the actual passphrase 
> and a stored pattern. But this won't provide us with a secret we can use in 
> crypto applications like PGP.

There has been some work on addressing this issue.  See

http://www.counterpane.com/personal-entropy.html
-- 
  __
\/ o\ paul@cluefactory.org.uk
/\__/ http://www.cluefactory.org.uk/paul/

