[This conversation is spanning three mailing lists -- firstname.lastname@example.org, [EMAIL PROTECTED], and tahoe- [EMAIL PROTECTED] . Some of the posts have not reached all three of those lists. I've manually added Jerry Leichter and Ivan Krstić to the approved-senders set for p2p-hackers
On Sun, Mar 30, 2008 at 05:13:07PM -0400, Ivan Krsti?? wrote: That's a brute force search. If your convergence key, instead of being a simple file hash, is obtained through a deterministic but computationally expensive function such as PBKDF2 (or the OpenBSD bcrypt, etc), then step 3
zooko wrote: Think of it like this: Passwords are susceptible to brute-force and/or dictionary attack. We can't, in general, prevent attackers from trying guesses at our passwords without also preventing users from using them, so instead we employ various techniques: * salts (to
Hi, Sorry for arriving late into this thread... zooko [EMAIL PROTECTED] writes: The Learn-Partial-Information Attack They extended the confirmation-of-a-file attack into the learn-partial-information attack. In this new attack, the attacker learns some information from the
Ivan Krsti? wrote: 1. take partially known plaintext 2. make a guess, randomly or more intelligently where possible, about the unknown parts 3. take the current integrated partial+guessed plaintext, hash to obtain convergence key 4. verify whether that key exists in the storage index 5. if
On Mar 30, 2008, at 9:37 PM, zooko wrote: You can store your True Name, credit card number, bank account number, mother's maiden name, and so forth, on the same server as your password, but you don't have to worry about using salts or key strengthening on those latter secrets, because the server
On Mar 31, 2008, at 6:44 AM, James A. Donald wrote: Better still, have a limited supply of tickets that enable one to construct the convergence key. Enough tickets for all normal usage, but not enough to perform an exhaustive search. [...] If you give the ticket issuing computers an
Ben Laurie [EMAIL PROTECTED] writes: And so we end up at the position that we have ended up at so many times before: the GTCYM has to have a decent processor, a keyboard and a screen, and must be portable and secure. One day we'll stop concluding this and actually do something about it.