[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ArcotSign (was Re: Does security depend on hardware?)




At 02:20 PM 9/22/98 +0100, Mok-Kong Shen wrote:
>Bruce Schneier wrote:
>> 
>> At 12:48 PM 9/22/98 +0100, Mok-Kong Shen wrote:
>> >Bruce Schneier wrote:
>
>> >> He uses a remembered secret and some mathematical magic.
>> >
>> >Another naive question: Why is the remembered secret not sufficient
>> >(thus doing away with the magic)?
>> 
>> One of the significant improvements is that the scheme is immune to
>> offline password guessing attacks.
>
>If the 'mathematical magic' is not to be kept secret (as in principle
>shouldn't for all crypto algorithms) then presumably one could
>attack through brute forcing the 'remembered secrect', I guess.

Yes, but only through an on-line protocol.   And if the server has some
kind of "turn the user off after ten bad password guesses," then the
atack doesn't work.

>(I suppose the 'remembered secret' has less bits then the 'password'
>that is to be retrieved from the pool of millions with the
>'mathematical magic'). So the advantages of the scheme appear to
>remain unclear as a matter of principle.

The advantages are that offline password guessing is impossible.

Bruce
**********************************************************************
Bruce Schneier, President, Counterpane Systems     Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN  55419      Fax: 612-823-1590
           Free crypto newsletter.  See:  http://www.counterpane.com