On 2013-08-25 2:30 AM, � wrote:
hi list,
i had an epiphany today, and i wonder if such a thing already exists or not.
so the usual thing is to create a key pair, store the private key encripted with a password. we
automatically get a two factor authentication, we have a "know" and a "have".
okay, but what if we don't want this, and we want our old password only, no keyring approach?
we can do that. how about this? stretch the password with some KDF, derive a
seed to a PRNG, and use the PRNG to create the the key pair. if the algorithm
is fixed, it will end up with the same keypair every time. voila, no-keyring
password-only public key cryptography.
do you see any downsides to that, besides the obvious ones that follow from the
no-keyring requirement? (slow, weak password.)
has anybody done something like that already? does it have a name?
Attacker applies dictionary attack.
To avoid dictionary attack, use zero knowledge passphrase proof (ZKPP)to
obtain passphrase authenticated key agreement with a server (for which
the acronym is PAKE, not PAKA as one might expect)
Server supplies a unique salt, derived from the server's secret and the
user login, with the user combines with his passprhase
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography