[This conversation is spanning three mailing lists --
cryptography@metzdowd.com, [EMAIL PROTECTED], and tahoe-
[EMAIL PROTECTED] . Some of the posts have not reached all three of
those lists. I've manually added Jerry Leichter and Ivan Krstić to
the approved-senders set for p2p-hackers
On Sun, Mar 30, 2008 at 05:13:07PM -0400, Ivan Krsti?? wrote:
That's a brute force search. If your convergence key, instead of being
a simple file hash, is obtained through a deterministic but
computationally expensive function such as PBKDF2 (or the OpenBSD
bcrypt, etc), then step 3
zooko wrote:
Think of it like this:
Passwords are susceptible to brute-force and/or dictionary attack.
We can't, in general, prevent attackers from trying guesses at our
passwords without also preventing users from using them, so instead
we employ various techniques:
* salts (to
Hi,
Sorry for arriving late into this thread...
zooko [EMAIL PROTECTED] writes:
The Learn-Partial-Information Attack
They extended the confirmation-of-a-file attack into the
learn-partial-information attack. In this new attack, the
attacker learns some information from the
Ivan Krsti? wrote:
1. take partially known plaintext
2. make a guess, randomly or more intelligently where possible,
about the unknown parts
3. take the current integrated partial+guessed plaintext, hash
to obtain convergence key
4. verify whether that key exists in the storage index
5. if
On Mar 30, 2008, at 9:37 PM, zooko wrote:
You can store your True Name, credit card number, bank
account number, mother's maiden name, and so forth, on the same
server as your password, but you don't have to worry about using
salts or key strengthening on those latter secrets, because the
server
On Mar 31, 2008, at 6:44 AM, James A. Donald wrote:
Better still, have a limited supply of tickets that enable one to
construct the convergence key. Enough tickets for all normal usage,
but not enough to perform an exhaustive search. [...]
If you give the ticket issuing computers an
Ben Laurie [EMAIL PROTECTED] writes:
And so we end up at the position that we have ended up at so many times
before: the GTCYM has to have a decent processor, a keyboard and a screen,
and must be portable and secure.
One day we'll stop concluding this and actually do something about it.