At 01:03 AM 3/18/99 GMT, Ian Goldberg wrote:
> In article <v03130300b2e74ce2cecc@[24.128.119.92]>,
> Arnold G. Reinhold <[EMAIL PROTECTED]> wrote:
>>>> 2. PGP should burn computer time hashing the passphrase. While you cannot
>>>> increase the entropy of a passphrase with an algorithm, ...
But, you can increase the entropy of a passphrase-derived
session key with a key amplifier. In a better situation,
this might help.
>> At 7:47 AM +0000 2/10/99, Antonomasia wrote:
>>>> From memory, Rivest and Wagner have a paper on crypto time locks [...]
Arnold:
>> ... I don't see how it applies here. Finding a passphrase by
>> exhaustive search is an inherently parallel problem.
Ian:
> Indeed; the more appropriate paper to read is "Secure Applications of
> Low-Entropy Keys." John Kelsey, Bruce Schneier, and David Wagner. 1997
> Information Security Workshop. ...
Stretching partially deters attack on stored data.
What you really want is to move your sensitive
password-derived data to a safer place.
And if you can't find that one perfect spot,
how about splitting the password-encrypted key,
keeping part on some hopefully-secure and available server,
and part locally? Then no one compromise permits
exhaustive search.
-- dpj
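
Added example, not part of the original message or of PGP: a Python sketch of stretching a passphrase and then XOR-splitting the password-encrypted key into a local share and a server share, so that neither share alone lets an attacker test guesses. All function names, the iteration count and the pad-plus-HMAC wrapping (a stand-in for a real authenticated cipher) are assumptions made for illustration.

```python
import hashlib, hmac, secrets

ITERATIONS = 100_000  # assumed work factor for the stretching step

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def stretch(passphrase: str, salt: bytes) -> bytes:
    # 64 bytes of output: 32-byte pad for the key + 32-byte MAC key
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                               ITERATIONS, dklen=64)

def wrap(secret_key: bytes, passphrase: str) -> bytes:
    """Password-encrypt a 32-byte key as salt || ciphertext || tag."""
    if len(secret_key) != 32:
        raise ValueError("this sketch wraps exactly 32 bytes")
    salt = secrets.token_bytes(16)  # fresh salt, so the pad is never reused
    k = stretch(passphrase, salt)
    ct = _xor(secret_key, k[:32])
    return salt + ct + hmac.new(k[32:], salt + ct, hashlib.sha256).digest()

def unwrap(blob: bytes, passphrase: str):
    """Return the key, or None if the tag fails (wrong guess or partial data)."""
    salt, ct, tag = blob[:16], blob[16:48], blob[48:]
    k = stretch(passphrase, salt)
    good = hmac.new(k[32:], salt + ct, hashlib.sha256).digest()
    return _xor(ct, k[:32]) if hmac.compare_digest(tag, good) else None

def split(blob: bytes):
    """XOR-split the wrapped key; each share alone is uniformly random."""
    local = secrets.token_bytes(len(blob))
    return local, _xor(blob, local)

def combine(local: bytes, server: bytes) -> bytes:
    return _xor(local, server)

if __name__ == "__main__":
    key = secrets.token_bytes(32)
    passphrase = "correct horse battery"  # constructed sample passphrase
    local, server = split(wrap(key, passphrase))
    # Both shares together: the right passphrase recovers the key.
    print(unwrap(combine(local, server), passphrase) == key)
    # One share alone: even the right passphrase fails to verify,
    # so a thief holding only that share cannot confirm any guess.
    print(unwrap(local, passphrase))
```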