> That's the reason secure tokens exist: they do not in any way allow
> 'public' access to the secrets stored. Think of them as 'write once'
> devices; they are secured by off-loading part of the crypto process to
> the token itself: you will only be able to read derived data. Since you
> use a nonsecure token storage, the whole exercise about RSA or El Gamal
> et al becomes moot, as I assume the password/pin used will contain far
> less entropy than any other part of your crypto system will be able to
> transport anyway (ever met a human who can remember a 128 bit secret key
> without keeping notes?).
Actually, human beings can trivially remember secrets with the eqivalent of
128-bits or more. For example:
Approximate Bits: Phrase:
140 y doth h3 4sake Me?
110 ! oppose the deth penalty
96 1 like big BUTZ
90 Fr33dom N0w!
DS
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
