On Tue, 5 Dec 2000, Arnold G. Reinhold wrote:

>At 7:20 PM +0000 12/4/2000, lcs Mixmaster Remailer wrote:
>>William Allen Simpson <[EMAIL PROTECTED]> writes:
>>>  4) an agreed algorithm for generating private keys directly from
>>>     the passphrase, rather than keeping a private key database.

>>This is a major security weakness.  The strength of the key relies
>>entirely on the strength of the memorized password.  Experience has
>>shown that keys will not be strong if this mechanism is used.

>I believe there are applications where a passphrase generated key is 
>preferable. 

>I think a standard such as Mr. Simpson suggests is a worthwhile idea. 
>No one is forced to use a standard just because it exists. One size 
>does not fit all. However I would propose including an option for key 
>stretching in any such standard. Key stretchers can bridge the gap 
>between what people are willing to memorize and reasonable levels of 
>security. 

Uh, no.  A dictionary attacker can stretch his guesses in exactly 
the same way, so there is no security from a so-called "password 
stretcher".  

On the other hand, long passphrases that are *not* random gibberish 
are easy to remember.  As children, many of us (Americans in the 
midwest) were called upon to memorize documents like the constitution, 
word for word.  Even the "special" kids got through the Preamble to 
the Declaration of Independence.  I remember standing up and reciting 
"Annabel Lee" when I was a sixth-grader.  Now those documents, along 
with all of Shakespeare, are too well known to serve as keys.  But 
we are all capable of writing a piece of original prose or poetry and 
memorizing the sucker.  Sixty, eighty words -- that's easy.  A thousand 
is do-able with some time and effort.  A hundred words of verse, if it's 
original and you've never spoken it or shown it to anyone, is a pretty 
damn secure passphrase.

So be conservative with how much entropy you get from the keyphrase 
(my preferred standard is about 1 to 1.33 bits per character), ignore 
spacing and punctuation, and let the text entry for the passphrase 
be a big honkin' text block instead of a teeny little forty-character 
line. If someone wants to enter "sex" as a password, s/he deserves 
what s/he gets (although you may put up an "insecure passphrase" 
warning box for him/her).  But if they want to use the entirety of 
a poem in Latin that they made up about their job, the implementor
shouldn't stand in their way. 

And if the user keeps *ONE* secure passphrase in his/her head, the 
key it generates can be used to unscramble all of the random keys 
stored in an encrypted file. 


                                Bear

One of my favorites, which I keep in my head just because I like 
to take it out and just enjoy it every now and then....  


I met a traveller from an antique land
Who said, 'Two vast and trunkless legs of stone
Stand in the desert.  Near them, on the sand, 
Half sunk, a shattered visage lies, whose frown, 
And wrinkled lip, and sneer of cold command, 
Tell that its sculptor well those passions read
Which yet survive, stamped on these lifeless things, 
The hand that mocked them and the heart that fed;
And on the pedestal these words appear:
"My name is Ozymandias, king of kings:
Look upon my works, ye Mighty, and despair!"
Nothing beside remains.  Round the decay
Of that colossal wreck, boundless and bare
The lone and level sands stretch far away.'
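[Editor's note: the following is an added example, not part of Bear's post nor of any standard discussed in the thread. It sketches in Python the scheme the reply describes: drop spacing and punctuation from the passphrase, estimate its entropy conservatively at 1 bit per remaining character (the low end of the post's 1 to 1.33 range), put up an "insecure passphrase" warning when the estimate falls short, derive the master key directly from the passphrase with a single unsalted hash instead of a key database, and use that one key to unwrap random keys kept in an encrypted file. The 128-bit target, the "passphrase-key-v1" label, the context argument, the HMAC-as-PRF wrap construction and the sample verses are all my assumptions for illustration.]

```python
"""Passphrase-derived master key that unwraps random per-use keys (added example)."""
import hashlib
import hmac
import os
import unicodedata

# Assumptions, not from the post: the conservative 1.0 bit per normalized
# character (the post gives 1 to 1.33) and a 128-bit target for the warning.
BITS_PER_CHAR = 1.0
TARGET_BITS = 128
NONCE_LEN = 16
TAG_LEN = 32

# Constructed sample inputs (not from the post). LONG_VERSE repeats the short
# one only to reach the length; real verse must of course not repeat.
WEAK_PASSPHRASE = "sex"
SHORT_VERSE = ("The copper kettle on the north stair hums when the fourth "
               "train passes, and nobody in the office believes me.")
LONG_VERSE = " ".join([SHORT_VERSE] * 4)


def normalize(passphrase: str) -> str:
    """The post's 'ignore spacing and punctuation': keep letters and digits only, case-folded."""
    folded = unicodedata.normalize("NFKC", passphrase).casefold()
    return "".join(ch for ch in folded if ch.isalnum())


def estimate_bits(passphrase: str) -> float:
    """Conservative entropy estimate: one bit per remaining character."""
    return len(normalize(passphrase)) * BITS_PER_CHAR


def passphrase_warning(passphrase: str, target_bits: int = TARGET_BITS):
    """Return the warning text to show the user, or None if the estimate meets the target."""
    bits = estimate_bits(passphrase)
    if bits < target_bits:
        return f"insecure passphrase: about {bits:.0f} bits estimated, {target_bits} wanted"
    return None


def derive_key(passphrase: str, context: bytes = b"") -> bytes:
    """Derive a key directly from the passphrase: one unsalted SHA-256 over a fixed
    label, a length-prefixed context and the normalized text. Deterministic, so no
    key database is needed; 'context' (assumed here) separates keys for different uses."""
    data = (b"passphrase-key-v1" + len(context).to_bytes(2, "big") + context
            + normalize(passphrase).encode("utf-8"))
    return hashlib.sha256(data).digest()


def _stream(master: bytes, nonce: bytes) -> bytes:
    # HMAC used as a PRF to produce one 32-byte keystream block per nonce.
    return hmac.new(master, b"enc" + nonce, hashlib.sha256).digest()


def wrap_key(master: bytes, random_key: bytes) -> bytes:
    """Encrypt a random key (up to 32 bytes) under the master key: nonce || ct || tag."""
    if not 1 <= len(random_key) <= 32:
        raise ValueError("random_key must be 1..32 bytes")
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(random_key, _stream(master, nonce)))
    tag = hmac.new(master, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap_key(master: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then decrypt; a wrong passphrase fails here, not silently."""
    if len(blob) < NONCE_LEN + 1 + TAG_LEN:
        raise ValueError("truncated wrapped key")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(master, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong passphrase or tampered key file")
    return bytes(a ^ b for a, b in zip(ct, _stream(master, nonce)))


def can_unwrap(master: bytes, blob: bytes) -> bool:
    """True if 'master' opens the wrapped key, False otherwise."""
    try:
        unwrap_key(master, blob)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for p in (WEAK_PASSPHRASE, SHORT_VERSE, LONG_VERSE):
        print(f"{len(normalize(p)):4d} chars -> {passphrase_warning(p) or 'ok'}")
    master = derive_key(LONG_VERSE, b"keyfile-1")
    session_key = os.urandom(32)                 # the random key actually used to encrypt data
    stored = wrap_key(master, session_key)       # what goes into the encrypted key file
    print("round trip ok:", unwrap_key(master, stored) == session_key)
    print("wrong passphrase opens it:", can_unwrap(derive_key("wrong guess"), stored))
```

The text-entry widget is the part this code cannot show: normalize() is written so that a multi-line block pasted or typed with any spacing and punctuation yields the same key, which is what lets the entry field be a large text area. derive_key is a single unstretched hash to match the design in the post; anyone who wants Reinhold's stretching option instead can swap in hashlib.scrypt for the hash call without touching the wrap and unwrap code.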



