[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: don't use passwords as private keys (was Re: Using a password as a private key.)



You don't know you have to destroy a key file, until it is too late.
Until then, it's just laying around waiting for some one to copy and
crack. If you are paranoid enough to assume your opponent is going to
torcher you to get your signature password, you should assume that he
already has your keyfile, and is willing to torcher you to get it's
password.

Thus coercion and dicitonary attacks are moot points. That is, if your
password is good enough.

So, what's worse; guarding a high entopy password with a low entropy
password, or trying to memorize a high entropy password?

Harv


Adam Back <[email protected]> wrote:
>
> 
> Some people have been talking about using passwords as private keys.
> (By using the passphrase as seed material for regenerating the private
> and public key).
> 
> I don't think this is a good idea.
> 
> You can't forget passphrases.  You can destroy private key files.
> 
> Therefore you open yourself up to coercion, and forward secrecy is not
> possbile with these schemes.  This means it is less secure.
> 
> The other reason it is less secure others commented on: you provide an
> open target for dictionary attacks.  I wouldn't want to do that, even
> with high entropy passphrase, it loses one important line of defense:
> unavailability of private key file.
> 
> Adam
> 
_________________________________________________________
DO YOU YAHOO!?
Get your free @yahoo.com address at http://mail.yahoo.com