Re: ArcotSign (was Re: Does security depend on hardware?)

Ben Laurie (ben@algroup.co.uk)
Wed, 23 Sep 1998 09:58:27 +0100

• Next message: Bruce Schneier: "Re: ArcotSign (was Re: Does security depend on hardware?)"
• Previous message: Mok-Kong Shen: "Re: Alcot"
• In reply to: Michael_Honeth@hc-sc.gc.ca: "Alcot"
• Next in thread: Douglas Hoover: "Re: ArcotSign (was Re: Does security depend on hardware?)"

David Jablon wrote:
>
> Bruce Schneier wrote:
> >> The advantages are that offline password guessing is impossible.
>
> At 03:24 PM 9/22/98 +0100, Ben Laurie wrote:
> > The 'I' word always makes me nervous - do you really mean that, or do
> > you just mean "very difficult"?
>
> Why be nervous? It's not that hard to prevent off-line
> guessing of the PIN, given access to just the client's stored
> data. Here "impossible" means "as hard as breaking your
> favorite PK method".

Which is:

a) not impossible
b) not proven to be as difficult as we think it is (cf. quantum
computers, novel factorisation methods).

That's why.

Cheers,

Ben.

-- 
Ben Laurie            |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd,     |Apache-SSL author     http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache/
WE'RE RECRUITING! http://www.aldigital.co.uk/

• Next message: Bruce Schneier: "Re: ArcotSign (was Re: Does security depend on hardware?)"
• Previous message: Mok-Kong Shen: "Re: Alcot"
• In reply to: Michael_Honeth@hc-sc.gc.ca: "Alcot"
• Next in thread: Douglas Hoover: "Re: ArcotSign (was Re: Does security depend on hardware?)"