Dmitry Salnikov <[EMAIL PROTECTED]> wrote:
>> Uhm... digigold used public key based authentication. Clearly that is
>> superior to any password based mechanism with regard to robot attacks.
>
> There should be serious analysis which should be done
> by good cryptographers in order to back this statement.
> The sort of technical audit for user confidence.
>
> Any pointers to published information
> about analysis of this particular case?
Not directly, but it is not that hard. First of all, passphrases over SSL can't be stronger than public key authentication, if both are based on the same keysize and algorithm. As 1024 bit RSA is commonly used for both, this is the case. If you can break 1024 bit RSA, you can read the passphrase sent over the SSL connection and if an RSA signature is used for authentication, you can forge one.

The best attack against 1024 bit RSA currently has, according to http://www.cryptosavvy.com/, a cost equivalence of about 85 bits of symmetric key encryption. Now you don't need a robot attack for this: you can verify yourself if you have produced a correct RSA signature and thus this attack can be executed much faster than a robot attack on passphrases. Let's be generous and assume that this robot attack is about a million times slower. That means that in the same time one can break a 1024 bit RSA key, one can test about 2^65 passphrases. That translates to a passphrase of about 46 characters of English text (1.4 bits of entropy per character) and about 11 characters of truly random characters (uppercase, lowercase, numbers and symbols, 6 bits of entropy per character).

How many people do you know who are willing and capable of remembering such passphrases?

> The probability to guess good passphrase is really small one
> and it is just not practical to use brute force attack by robots,
> I think that intruders are trying to guess the simplest ones,
> which may be prevented to create by dictionary software.

The reality is that people do not want to remember complex passwords and do not understand the necessity of it. People use the same password in many places and it is usually a very simple one as well. Dictionary software does not help against foreign languages or things like 'qwerty'.

That said, yes, it is possible to use passphrase based authentication that is as secure as public key based authentication.
The advantage of public key based authentication is that you can be sure that all your users have enough protection, while with passphrase based authentication 99% of them will have insecure passphrases.

> At the same time public key based authentication will
> prevent e-gold from offering the security of account access
> from any secure computer using the simplest secure browser
> with SSL encryption.

Actually this is something you probably don't want: accessing your e-gold account from anything but your own computer (like a public terminal) is a bad idea in the first place. And of course this should also not be the same computer where you open your e-mails with MS Outlook.

> User will need to install some alien software in
> order to compute things needed for public key authentication,
> which will be rather the source for more security concerns
> than benefits in this particular case.

That's not entirely true: goldmoney already supports client side certificates, which are supported by the major browsers. And I do agree that special software just for some stronger authentication is probably not worth the trouble, especially because browsers already support it. SOX however provides much more than just that. (SOX is the protocol used between client and server for Ricardian currencies, like digigold was.)

Edwin
