Re: Death of PGP Key 0xFBAF5E44 at 19:03 02 Jan 1999 UTC

New Message Reply About this list Date view Thread view Subject view Author view

Peter Gutmann (pgut001@cs.auckland.ac.nz)
Sun, 3 Jan 1999 21:54:16 (NZDT)


>One major advantage of being able to carry around your verification in your
>head is that you can create your secret key on any machine.
 
And so can anyone else who can guess your password. This is why it's always a
good idea to combine something you have (eg an encrypted nonce stored on your
PC) with what you're carrying around in your head. An additional advantage is
that it makes it possible to destroy your key when you need to, something
which isn't possible with a purely password-based one.
 
>This is a plug, but it's taken at the most opportune time I can imagine. If
>PGP used elliptic curve PK you wouldn't have this problem. Your verification
>can be regened by hashing your pass phrase.
 
You can also do this with many DLP-based PKC's where x can be a hash of a
passphrase.
 
Peter.


New Message Reply About this list Date view Thread view Subject view Author view

 
All trademarks and copyrights are the property of their respective owners.

Other Directory Sites: SeekWonder | Directory Owners Forum

The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:01