Rodney Thayer wrote:
>
> At 09:46 AM 2/9/99 -0500, Arnold G. Reinhold wrote:
> >Nelson Minar's comments (reproduced below) are right on target. Here are
> [...] practical suggestions [...]
>
> >2. PGP should burn computer time hashing the passphrase. While you cannot
> >increase the entropy of a passphrase with an algorithm, you can make
> >exhaustive search far more difficult.
>
> There was an interesting paper presented last week at NDSS '99
> (http://www.isoc.org/ndss99) by Ari Juels and John Brainard, called "Client
> Puzzles", which relates. The notion is to cause the user to burn a bit of
> compute time solving a puzzle, in the interest of preventing certain kinds
> of attacks.
Isn't this just hashcash in disguise?
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
