> > > > how would it be the best to derive a key from user input > > > > I think that depends on what you plan to do with the key, i.e., what it > > will be used for, and how it will be used > > how you mean? for encryption and signing i guess. >
If only it were that simple. If you have no idea what you are going to use the keys for and the attacks you need to resist, then it's unlikely you'll have a secure system. Things that might matter: Is the data stored and if so where? Is the data transmitted? When and where is the data decrypted, and by whom? How will you distribute the signature verification key and associate it with an identity? Is there a requirement to escrow or recover the key(s) if the password can't be remembered? Etc.
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
