Eric Rescorla wrote: > > "Enzo Michelangeli" <[EMAIL PROTECTED]> writes: > > > ----- Original Message ----- > > From: "Eric Rescorla" <[EMAIL PROTECTED]> > > To: "Eugene Leitl" <[EMAIL PROTECTED]> > > Sent: Monday, 28 January, 2002 6:33 AM > > > > [...] > > > If you want to see EC used you need to describe a specific algorithm > > > which has the following three properties: > > > > > > (1) widely agreed to be unencumbered, particularly by the big players. > > > [extra points if you're willing to indemnify] > > > (2) significantly better than RSA (this generally means faster) > > > (3) has seen a significant amount of analysis so that we can have > > > some reasonable confidence it's secure. > > > > > > Until someone does that, the cost of information in choosing an > > > EC algorithm is simply too high to justify replacing RSA in > > > most applications. > > > > Well, a nice characteristic that RSA doesn't have is the ability of using as > > secret key a hash of the passphrase, which avoids the need of a secret > > keyring and the relative vulnerability to dictionary attacks. See e.g. the > > Pegwit application, which, in its version 9 > I don't know exactly what Pegwit does, but most of these schemes > are still vulnerable to dictionary attacks by trying arbitrary > passphrases and seeing if they generate the correct public key. > It's of course slower since the test operation is slower.
If you want to slow down test operations, then iteration is good. BTW, I don't see why using a passphrase to a key makes you vulnerable to a dictionary attack (like, you really are going to have a dictionary of all possible 1024 bit keys crossed with all the possible passphrases? Sure!). Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]