On 9 September 2010 10:08, James A. Donald <jam...@echeque.com> wrote: > On 2010-09-09 6:35 AM, Ben Laurie wrote: >> >> What I do in Nigori for this is use DSA. Your private key, x, is the >> hash of the login info. The server has g^x, from which it cannot >> recover x, > > Except, of course, by dictionary attack, hence g^x, being low > entropy, is treated as a shared secret.
Indeed, if it is low entropy (I don't think you can assume it is, though I'll readily agree it is likely to be), then it is subject to a dictionary attack. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
