[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Using a password as a private key.

To: [email protected]
Subject: Re: Using a password as a private key.
From: [email protected] (Ulf M�ller)
Date: Wed, 28 Oct 98 23:08 +0100
Cc: [email protected]
In-Reply-To: <[email protected]>
Organization: HR13
Sender: [email protected]


>&#130;&#130;&#130;&#130;Assymetic crypto systems such as
>Diffie-Hellman, El-Gamel, and DSS, allow the private key to be a
>randomly chosen number. &#130;But, as a cute hack, instead of using a
>random number, for the private key, you could use a hash of the User
>Name, and a password. 

That has been proposed in the context of elliptic curve cryptography
where the keys don't need much entropy. I think George Barwood's
pegwit works that way.

I don't like the idea though. You're giving everybody the chance to
run a password guessing attack on your secret key.

Follow-Ups:
- Re: Using a password as a private key.
  - From: [email protected]

References:
- Using a password as a private key.
  - From: RedRook <[email protected]>

Prev by Date: Re: lotus notes id file
Next by Date: An interesting set of observations... [fwd]
Prev by thread: Using a password as a private key.
Next by thread: Re: Using a password as a private key.
Index(es):
- Date
- Thread