On 2013-08-25 7:58 AM, James A. Donald wrote:
On 2013-08-25 2:30 AM, � wrote:
hi list,
i had an epiphany today, and i wonder if such a thing already exists
or not.
so the usual thing is to create a key pair, store the private key
encripted with a password. we automatically get a two factor
authentication, we have a "know" and a "have". okay, but what if we
don't want this, and we want our old password only, no keyring approach?
we can do that. how about this? stretch the password with some KDF,
derive a seed to a PRNG, and use the PRNG to create the the key pair.
if the algorithm is fixed, it will end up with the same keypair every
time. voila, no-keyring password-only public key cryptography.
do you see any downsides to that, besides the obvious ones that
follow from the no-keyring requirement? (slow, weak password.)
has anybody done something like that already? does it have a name?
Attacker applies dictionary attack.
To avoid dictionary attack, use zero knowledge passphrase proof
(ZKPP)to obtain passphrase authenticated key agreement with a server
(for which the acronym is PAKE, not PAKA as one might expect)
Server supplies a unique salt, derived from the server's secret and
the user login, with the user combines with his passprhase
If user has strong passphrase, server cannot guess user's secret key
If user has weak passphrase, server, but not eavesdropper, can
reconstruct secret key by dictionary attack.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
