[8246] in cryptography@c2.net mail archive
Re: migration paradigm (was: Is PGP broken?)
daemon@ATHENA.MIT.EDU (Enzo Michelangeli)
Sun Dec 10 05:43:31 2000
Message-ID: <008101c06295$3aff6880$6000a8c0@em>
From: "Enzo Michelangeli" <em@who.net>
To: "Arnold G. Reinhold" <reinhold@world.std.com>,
"Bill Stewart" <bill.stewart@pobox.com>
Cc: <cryptography@c2.net>, "William Allen Simpson" <wsimpson@greendragon.com>
Date: Sun, 10 Dec 2000 18:37:10 +0800
----- Original Message -----
From: "Bill Stewart" <bill.stewart@pobox.com>
To: <reinhold@world.std.com>
Cc: <cryptography@c2.net>; "William Allen Simpson"
<wsimpson@greendragon.com>
Sent: Friday, December 08, 2000 11:58 PM
Subject: Re: migration paradigm (was: Is PGP broken?)
> A more important problem with passphrase-based keys is collisions -
> two people picking wimpy passwords can end up with the same keys.
> This means that you need to use something besides the key to differentiate
> between the users. It's not always a problem - if you've got your
> database of known public keys sorted by email address, it's ok,
> but if you've got it sorted by public key, you may have a problem.
Salt should take care of this (as well as reducing the effectiveness
of dictionary attacks).
Enzo
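
The collision problem and the salt remedy discussed in this exchange, as an added example that is not part of the original messages. It assumes PBKDF2-HMAC-SHA256 as the passphrase-to-key function and lets the derived seed stand in for the deterministic key pair; the user names, passphrases and wordlist are constructed.

```python
import hashlib
import os

ITERATIONS = 10_000  # assumed work factor, chosen only for this example


def derive_seed(passphrase: str, salt: bytes = b"") -> bytes:
    """Seed from which a deterministic key pair would be generated (assumption)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS)


def enroll(users, salted):
    """Build a directory indexed by key; return (directory, salts, collisions)."""
    directory, salts, collisions = {}, {}, []
    for name, passphrase in users:
        # A fresh random salt per user when salted, none otherwise.
        salts[name] = os.urandom(16) if salted else b""
        seed = derive_seed(passphrase, salts[name])
        if seed in directory:
            # Same key as an earlier user: the key no longer identifies one person.
            collisions.append((directory[seed], name))
        else:
            directory[seed] = name
    return directory, salts, collisions


def precomputed_hits(directory, wordlist):
    """Count directory keys matched by a single table computed without salt."""
    table = {derive_seed(word) for word in wordlist}
    return sum(1 for seed in directory if seed in table)


# Constructed sample data: two users picked the same weak passphrase.
USERS = [("alice", "letmein"), ("bob", "letmein"),
         ("carol", "correct horse battery")]
WORDLIST = ["123456", "letmein", "password"]

if __name__ == "__main__":
    for salted in (False, True):
        directory, _, collisions = enroll(USERS, salted)
        print("salted" if salted else "unsalted",
              "| distinct keys:", len(directory),
              "| collisions:", collisions,
              "| dictionary table hits:", precomputed_hits(directory, WORDLIST))
```

The salt has to be stored next to the user's identifier, since it is needed to re-derive the key from the passphrase.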