Re: Safemail
Timothy C. May wrote:
>
> I haven't seen this particular idea, but a general point to always bear in
> mind is that "entropy doesn't increase" (despite what you may have heard
> about that other kind of entropy....).
>
> To wit, if there are N bits of entropy in a passphrase (or whatever is the
> basic key, be it typed in, read from a floppy, whatever), then no amount of
> deterministic crunching by a PRNG (or whatever) will increase this.
>
> (I say "deterministic" in the sense that all parties presumably need to run
> the same PRNG and get the same output from the same "seed" (= passphrase,
> in this scheme). Thus, the PRNG cannot add additional randomness or
> entropy. Unless I am misunderstanding the proposal...)
>
> So, if the passphrase is 22 characters, as in the "Safemail" proposal (such
> as it is), that's all that can be gotten. Period. There just aren't enough
> "places" in the space of starting points. Anyone with access to the
> algorithms used to process the 22 characters (154 bits if 7 bits are used
> for each character) can brute force search the space in a relatively short
> time. (If the later processing algorithms are supposed to be "secret," then
> of course this is a cryptographic faux pas of the first magnitude, usually
> dismissed as "security through obscurity.")
Generally agreed, but I would like to mention a couple of points. I would
argue that 154 bits of entropy is enough, but then I would also argue that
a 22 character passphrase is unlikely to generate these 154 bits of entropy.
Gary
--
pub 1024/C001D00D 1996/01/22 Gary Howland <[email protected]>
Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06
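The two points above (a 22-character passphrase is bounded by 22 × 7 = 154 bits, and a deterministic PRNG or key-stretching step cannot add entropy beyond the number of possible seeds) can be checked numerically. The following is an added example written for this archive page, not code from the thread or from the Safemail proposal; the per-character figures other than the 7-bit bound are assumed alphabets for comparison, and the SHA-256 iteration stands in for whatever "deterministic crunching" a scheme might use.

```python
import hashlib
import math
from itertools import product

# Bits of entropy per character under several assumed alphabets.
# 7-bit ASCII is the upper bound used in the post; the others are
# assumptions added here for comparison (the ~1.3 bits/char figure is a
# commonly cited estimate for English prose, not a measurement).
ALPHABETS = {
    "7-bit ascii (upper bound)": math.log2(128),
    "printable ascii (95 chars)": math.log2(95),
    "lowercase letters": math.log2(26),
    "english text (~1.3 bits/char)": 1.3,
}


def passphrase_entropy_bits(length, bits_per_char):
    """Upper bound on passphrase entropy: characters times bits per character."""
    return length * bits_per_char


def entropy_table(length=22):
    """Entropy bound of a `length`-character passphrase for each alphabet."""
    return {name: passphrase_entropy_bits(length, bpc)
            for name, bpc in ALPHABETS.items()}


def stretch(seed, rounds=1000):
    """Deterministic key stretching: iterate SHA-256 `rounds` times over the seed.
    Every party derives the same key from the same seed, so no randomness is added."""
    digest = seed.encode()
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest


def distinct_outputs(alphabet, length, rounds=1000):
    """Count distinct derived keys over *every* passphrase in a tiny space.
    A deterministic function has at most one output per seed, so this count
    can never exceed len(alphabet) ** length, whatever `rounds` is."""
    seeds = ("".join(chars) for chars in product(alphabet, repeat=length))
    return len({stretch(seed, rounds) for seed in seeds})


def output_entropy_bits(alphabet, length, rounds=1000):
    """Entropy of the derived-key space, bounded by the seed-space entropy."""
    return math.log2(distinct_outputs(alphabet, length, rounds))
```

With a two-letter alphabet and three-character seeds there are only 8 seeds, so even 1000 hash rounds yield at most 8 distinct keys (3 bits), matching the seed space exactly.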