Re: Hashing algorithm needed

2010-09-09 Thread James A. Donald

On 2010-09-09 6:35 AM, Ben Laurie wrote:
> What I do in Nigori for this is use DSA. Your private key, x, is the
> hash of the login info. The server has g^x, from which it cannot
> recover x,

Except, of course, by dictionary attack, hence g^x, being low
entropy, is treated as a shared secret.

> and the client does DSA using x.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: Hashing algorithm needed

2010-09-09 Thread Ben Laurie

On 9 September 2010 10:08, James A. Donald jam...@echeque.com wrote:
> On 2010-09-09 6:35 AM, Ben Laurie wrote:
>
>> What I do in Nigori for this is use DSA. Your private key, x, is the
>> hash of the login info. The server has g^x, from which it cannot
>> recover x,
>
> Except, of course, by dictionary attack, hence g^x, being low
> entropy, is treated as a shared secret.

Indeed, if it is low entropy (I don't think you can assume it is,
though I'll readily agree it is likely to be), then it is subject to a
dictionary attack.

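The scheme discussed in this thread, as an added example that is not from either post and is not Nigori's code: the private key x is derived from the login info, the server stores g^x, the client signs a challenge with DSA, and the last function shows why a stored g^x has to be protected like a shared secret when the password is guessable. SHA-256 as "the hash", the toy group (far too small for real use), the sample credentials and all function names are assumptions.

```python
import hashlib, math, secrets

def is_prime(n):
    return n > 1 and all(n % d for d in range(2, math.isqrt(n) + 1))

# Toy DSA group (assumption, illustration only): q = 2^31 - 1, p = K*q + 1.
Q = 2**31 - 1
K = next(k for k in range(2, 10_000, 2) if is_prime(k * Q + 1))
P = K * Q + 1
G = next(g for g in (pow(h, K, P) for h in range(2, P)) if g != 1)  # order Q

def H(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def private_key(user: str, password: str) -> int:
    """x = hash of the login info, mapped into [1, q-1]."""
    return H(f"{user}\0{password}".encode()) % (Q - 1) + 1

def verifier(user: str, password: str) -> int:
    """g^x mod p: the value the server stores for this account."""
    return pow(G, private_key(user, password), P)

def sign(x: int, msg: bytes):
    """Client side: DSA signature over the server's challenge."""
    while True:
        k = secrets.randbelow(Q - 1) + 1
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (H(msg) + x * r) % Q
        if r and s:
            return r, s

def verify(y: int, msg: bytes, sig) -> bool:
    """Server side: check the signature using only the stored g^x."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    v = pow(G, H(msg) * w % Q, P) * pow(y, r * w % Q, P) % P % Q
    return v == r

def guesses_matching(y: int, user: str, wordlist):
    """Anyone holding g^x can recompute it for candidate passwords offline,
    so a stored g^x for a low-entropy password must be kept secret."""
    return [w for w in wordlist if verifier(user, w) == y]
```

The server never sees x, yet `guesses_matching` needs nothing beyond the stored value and the username, which is the point made in both replies.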