Re: simple, secret, algorithm implications when communicating with yourself?



Tim Smith <reply_in_group@xxxxxxxxxxxxxxxx> writes:

> So, suppose Alice were to do this. She logs in on her Linux box. She opens
> her favorite editor, and enters this:
>
> sha1sum |
> sha1sum |
> sha1sum |
> sha1sum |
> ...
> sha1sum
>
> where there are 1960 lines (she was born in 1960).

Are we assuming an attacker would have access to the encrypted key
recovery file?

If so, why not throw out KEY1, use the passphrase
"secret|1960*sha1sum" in its place, and forget about a special key
recovery algorithm entirely?

This new passphrase doesn't seem to be any more difficult for Alice to
remember than the details of the proposed key recovery algorithm, the
algorithm and new passphrase appear to have roughly comparable levels
of entropy, and using this new passphrase seems to me to be no less
secure than your secret algorithm proposal.

--
Kevin Buhr <buhr+un@xxxxxxxxxxx>
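
Added example, not part of the thread: a Python emulation of the piped `sha1sum` stages that measures how many bits the secret "recipe" contributes when someone holding the recovery file enumerates recipes. It generalizes beyond the post to a small family of recipes; the tool list, the 2048-stage ceiling and the `secret\n` input are constructed assumptions.

```python
import hashlib
import math

# Constructed candidate space: which coreutils hash tool, and how many piped stages.
TOOLS = {"md5sum": "md5", "sha1sum": "sha1", "sha256sum": "sha256", "sha512sum": "sha512"}
MAX_STAGES = 2048


def stage(tool: str, data: bytes) -> bytes:
    """One `<tool>` stage reading stdin: it prints '<hex digest>  -' and a newline."""
    return hashlib.new(TOOLS[tool], data).hexdigest().encode() + b"  -\n"


def chain(tool: str, data: bytes, stages: int) -> str:
    """Hex digest printed by `stages` (>= 1) copies of `tool` piped together."""
    if stages < 1:
        raise ValueError("need at least one stage")
    for _ in range(stages):
        data = stage(tool, data)
    return data.split()[0].decode()


def recipe_bits(n_tools: int = len(TOOLS), max_stages: int = MAX_STAGES) -> float:
    """Entropy of the secret recipe if every (tool, count) pair is equally likely."""
    return math.log2(n_tools * max_stages)


def find_recipe(passphrase: bytes, target: str):
    """Enumerate every recipe; each candidate reuses the previous stage's output."""
    tried = 0
    for tool in TOOLS:
        data = passphrase
        for n in range(1, MAX_STAGES + 1):
            data = stage(tool, data)
            tried += 1
            if data.split()[0].decode() == target:
                return tool, n, tried
    return None


if __name__ == "__main__":
    secret = b"secret\n"  # assumed input, as `echo secret` would produce
    target = chain("sha1sum", secret, 1960)
    print("recipe entropy: %.1f bits" % recipe_bits())
    print("recovered (tool, stages, candidates tried):", find_recipe(secret, target))
```

Under these assumptions the recipe is worth 13 bits whether it is executed as a pipeline or typed as a passphrase suffix such as "|1960*sha1sum".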