"Enzo Michelangeli" <[EMAIL PROTECTED]> writes:

> Well, a nice characteristic that RSA doesn't have is the ability of using as
> secret key a hash of the passphrase, which avoids the need of a secret
> keyring

All PK algorithms have this property; seed a CSPRNG with the passphrase
and use the CSPRNG as the source of randomness in key generation.

> and the relative vulnerability to dictionary attacks.

The protection against dictionary attacks seems to be that checking
whether a given passphrase is the correct one is slow, because you
have to check it against the public key. However, the minimum time to
check passphrase validity can be made arbitrarily slow whatever PK
algorithm is used, with techniques such as key stretching.

http://www.counterpane.com/low-entropy.html

Your proposal makes a system *more* vulnerable to dictionary attacks,
since the attack can be mounted without the need to seize the secret
keyring.

-- 
  __  Paul Crowley
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.ciphergoth.org/
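
The two points made in the reply above, as an added example that is not part of the original message: a keypair generated deterministically from a stretched passphrase, and the resulting public key acting as a passphrase verifier for anyone who holds it. Assumptions: PBKDF2-HMAC-SHA256 stands in for the key-stretching step, the group (P, G) is a toy discrete-log setting chosen so the code runs on the standard library, the salt is a public value such as the key's user ID, and all function names and sample values are hypothetical.

```python
import hashlib

# Toy discrete-log group (assumption, for illustration only):
# P = 2**255 - 19 is prime, G = 2. Not a vetted parameter set.
P = 2**255 - 19
G = 2

def stretch(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """Key stretching: every passphrase check costs `iterations` HMAC rounds."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations)

def keypair_from_passphrase(passphrase: str, salt: bytes, iterations: int):
    """Deterministic keypair: the stretched passphrase is the only secret input."""
    seed = stretch(passphrase, salt, iterations)
    x = int.from_bytes(seed, "big") % (P - 2) + 1  # private exponent in [1, P-2]
    y = pow(G, x, P)                                # public value, published
    return x, y

def guess_matches_public_key(guess: str, public_key: int, salt: bytes, iterations: int) -> bool:
    """Uses public data only: the public key doubles as a passphrase verifier."""
    return keypair_from_passphrase(guess, salt, iterations)[1] == public_key

def first_match(candidates, public_key: int, salt: bytes, iterations: int):
    """Return the first candidate that regenerates public_key, else None."""
    for candidate in candidates:
        if guess_matches_public_key(candidate, public_key, salt, iterations):
            return candidate
    return None

# Constructed sample data (not from the original message).
SALT = b"alice@example.org"   # assumed public salt, e.g. the key's user ID
ITERATIONS = 20_000           # raising this slows every check, honest or not
WEAK = "correct horse"
CANDIDATES = ["letmein", "password1", "correct horse", "hunter2"]

if __name__ == "__main__":
    _, pub = keypair_from_passphrase(WEAK, SALT, ITERATIONS)
    # No keyring is involved: the published key alone is enough to test guesses.
    print("matched from public key only:", first_match(CANDIDATES, pub, SALT, ITERATIONS))
```

Stretching raises the cost of each check by the same factor for the key owner and for anyone testing guesses, so it does not compensate for a low-entropy passphrase whose verifier is public.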