At 09:46 AM 2/9/99 -0500, Arnold G. Reinhold wrote: >Nelson Minar's comments (reproduced below) are right on target. Here are [...] practical suggestions [...] >2. PGP should burn computer time hashing the passphrase. While you cannot >increase the entropy of a passphrase with an algorithm, you can make >exhaustive search far more difficult. There was an interesting paper presented last week at NDSS '99 (http://www.isoc.org/ndss99) by Ari Juels and John Brainard, called "Client Puzzles", which relates. The notion is to cause the user to burn a bit of compute time solving a puzzle, in the interest of preventing certain kinds of attacks.
- PGP compromised on Windows 9x? Rob Lemos
- Re: PGP compromised on Windows 9x? Harald Hanche-Olsen
- Re: PGP compromised on Windows 9x? Alan Olsen
- Re: PGP compromised on Windows 9x? Nelson Minar
- Strengthening the Passphrase Model (w... Arnold G. Reinhold
- Re: Strengthening the Passphrase... Rodney Thayer
- Re: Strengthening the Passph... Ben Laurie
- Re: Strengthening the Passphrase... Bill Frantz
- Re: Strengthening the Passph... Bill Stewart
- Re: Strengthening the Passphrase... David R. Conrad
- Re: Strengthening the Passphrase... David R. Conrad
- Re: Strengthening the Passph... Bill Frantz
- Re: PGP compromised on Windows 9x? Jim Gillogly
- Re: PGP compromised on Windows 9x? Steven M. Bellovin
- Re: PGP compromised on Windows 9x? Jon Callas
- Re: PGP compromised on Windows 9x? Arnold G. Reinhold
