Quick key generation from passphrases


Anonymous (nobody@replay.com)
Sun, 3 Jan 1999 23:01:15 +0100


I sent this message a while ago with a different subject line and slightly
different text, and the original seems to be taking much longer to show up than
it should take for the length of the remailer chain. Apologies if this ends up
being a duplicate.

> This is a plug, but it's taken at the most opportune time I can imagine.
> If PGP used elliptic curve PK you wouldn't have this problem. Your
> verification can be regened by hashing your pass phrase. That's not the
> same as being unlocked, it's being recreated. From your wetware. If that
> goes, all your data is lost too.

The same can be done with any public-key cryptosystem provided you trust some
symmetric cipher (if you don't, don't use PGP :). Use the passphrase to key a
stream cipher or feedback-mode block cipher; the resulting keystream can be
used in prime generation as if it were the random number generator's output. If
you want to store p and q for convenience (i.e., so you don't have to
regenerate them every time), you can siphon off a kilobyte or so of stream
before the prime generation, XOR it with the private key once the key's
generated, and store that.

When it's time to use the key, you regenerate the KB of stream from the
passphrase and use it to reverse the XOR, and when your computer crashes, you
just go through the whole process from the start on your new computer; same
passphrase -> same private key. Using the stored key doesn't take any longer
than using any other encrypted stored key, nor does regenerating it take
noticeably longer than a normal key generation.

However, that approach has its disadvantages. It's been said that a combination
of "something you have" (in this case, a key based on computer-generated
randomness) and "something you know" (in this case, the passphrase) is better
than either "something you have" or "something you know" alone, and I agree.

Perhaps distributing secret random numbers to trusted friends and XORing
them together with the hashed passphrase (or something similar using k-of-n
secret-sharing) would be a Good Thing. That way, it's "something you or your
friends have" and "something you know," which should allow fairly easy key
regeneration after a crash without adding so severe a rubber-hose risk.

>
> One major advantage of being able to carry around your verification in your
> head is that you can create your secret key on any machine. That's also
> dangerous for the unaware, but in this case you could have recovered most of
> your data and not have had to send the message.
>
> Patience, persistence, truth,
> Dr. mike
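As an added, illustrative example (not from the original post, and not PGP's code), here is the scheme sketched above in Python 3. An HMAC-SHA256 counter-mode keystream stands in for the passphrase-keyed stream cipher; a kilobyte is siphoned off first as the storage mask, and the rest of the stream drives prime generation (candidates and Miller-Rabin bases alike) for a small RSA key. Friends' random shares are folded into the seed by XOR, which is the n-of-n case; k-of-n sharing is not shown. The function names, the 512-bit key size and the plain SHA-256 hashing of the passphrase are my own assumptions; a real deployment would stretch the passphrase with a memory-hard KDF, since a passphrase carries far less entropy than a freshly generated key.

```python
import hashlib
import hmac
import math
import struct

SMALL_PRIMES = [p for p in range(3, 1000, 2) if all(p % q for q in range(3, int(p ** 0.5) + 1, 2))]


def derive_seed(passphrase: bytes, friend_shares=()) -> bytes:
    """Hash the passphrase and XOR in any 32-byte shares held by friends (n-of-n).
    Assumption: plain SHA-256; use a memory-hard KDF in practice."""
    seed = hashlib.sha256(passphrase).digest()
    for share in friend_shares:
        if len(share) != 32:
            raise ValueError("each share must be 32 bytes")
        seed = bytes(a ^ b for a, b in zip(seed, share))
    return seed


class PassphraseStream:
    """Deterministic keystream: HMAC-SHA256 in counter mode, keyed by the seed.
    Stands in for the stream cipher / feedback-mode block cipher in the post."""

    def __init__(self, seed: bytes, label: bytes = b"rsa-keygen"):
        self.key, self.label, self.counter, self.buf = seed, label, 0, b""

    def read(self, n: int) -> bytes:
        while len(self.buf) < n:
            block = self.label + struct.pack(">Q", self.counter)
            self.buf += hmac.new(self.key, block, hashlib.sha256).digest()
            self.counter += 1
        out, self.buf = self.buf[:n], self.buf[n:]
        return out

    def candidate(self, bits: int) -> int:
        """Odd integer of exactly `bits` bits drawn from the stream."""
        x = int.from_bytes(self.read((bits + 7) // 8), "big") & ((1 << bits) - 1)
        return x | (1 << (bits - 1)) | 1


def is_probable_prime(n: int, stream: PassphraseStream, rounds: int = 32) -> bool:
    """Miller-Rabin; the bases come from the stream so the whole run is reproducible."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = 2 + int.from_bytes(stream.read(64), "big") % (n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int, stream: PassphraseStream, e: int) -> int:
    """Draw candidates from the stream until one is prime and coprime to e."""
    while True:
        c = stream.candidate(bits)
        if math.gcd(e, c - 1) == 1 and is_probable_prime(c, stream):
            return c


def seal_private(p: int, q: int, mask: bytes, bits: int) -> bytes:
    """XOR p||q with the siphoned-off mask so it can be stored for convenience."""
    half = (bits // 2 + 7) // 8
    raw = p.to_bytes(half, "big") + q.to_bytes(half, "big")
    return bytes(a ^ b for a, b in zip(raw, mask))


def unseal_private(blob: bytes, seed: bytes, bits: int):
    """Regenerate the mask from the seed and reverse the XOR."""
    mask = PassphraseStream(seed).read(1024)
    raw = bytes(a ^ b for a, b in zip(blob, mask))
    half = (bits // 2 + 7) // 8
    return int.from_bytes(raw[:half], "big"), int.from_bytes(raw[half:], "big")


def keygen(seed: bytes, bits: int = 512, e: int = 65537):
    """Same seed -> same (p, q, d); returns the key and the masked p||q blob."""
    stream = PassphraseStream(seed)
    mask = stream.read(1024)  # siphon off a kilobyte before the primes are drawn
    p = gen_prime(bits // 2, stream, e)
    q = gen_prime(bits // 2, stream, e)
    while q == p:
        q = gen_prime(bits // 2, stream, e)
    d = pow(e, -1, (p - 1) * (q - 1))
    key = {"n": p * q, "e": e, "d": d, "p": p, "q": q}
    return key, seal_private(p, q, mask, bits)


if __name__ == "__main__":
    # Constructed demo input: a passphrase plus one friend-held share.
    seed = derive_seed(b"correct horse battery staple", [bytes(range(32))])
    key, blob = keygen(seed)
    print("n =", hex(key["n"]))
    print("recovered (p, q) matches:", unseal_private(blob, seed, 512) == (key["p"], key["q"]))
```

Regenerating from the passphrase alone reproduces the same primes on a fresh machine, and the stored blob is useless to anyone without the seed, as the post describes. The trade-off is also visible: anyone who can guess the passphrase (and obtain the friends' shares, if used) can regenerate the private key without ever touching the stored copy, so the seed must carry as much entropy as the key it replaces.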




The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:01