
RE: KISS for PKIX. (Was: RE:Asymmetric authentication



Stephen,

I think we should make things as hard as possible to access the private
authentication information, but this approach doesn't (unless I
misunderstand) offer a way to engage the central site.  It may take me
longer, but I can still crack the sole authentication method 'off-line'. 

Cheers, Steve.

-----Original Message-----
From: Stephen Kent [mailto:kent@bbn.com]
Sent: Wednesday, July 21, 1999 3:38 PM
To: Waters, Stephen
Cc: ietf-pkix@imc.org
Subject: RE: KISS for PKIX. (Was: RE:Asymmetric authentication


Stephen and David,

There is another approach here, that I first heard suggested by Jeff
Schiller a number of years ago. One could remember a pass phrase and use it
as the seed for a PRNG, which then feeds into a key pair selection
algorithm, thus recreating one's private key, rather than storing it. It
occurs to me that some additional entropy could be provided by a second seed
value, saved in encrypted form and decrypted with the pass phrase.  Because
this second value would be random (preferably from a non-deterministic
source), attempts to decrypt it do not yield quick confirmation of guesses.
Instead, one has to try to use the pair of values (the pass phrase guess
and the decrypted second seed) to generate a key pair, and then check to
see if the result yields the public key for the user. This approach is
clearly much, much slower than just decrypting a stored key, but it allows
a greater degree of security vs. a stored private key encrypted with a
password, and makes offline guessing attacks more costly.  Also, because
one has complete freedom in choosing the pass phrase, it should be easier
to remember than a string of words formed from the bit pattern of a private
key.

Just a thought,

Steve
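The scheme Kent sketches above, written out as an added example that is not part of this thread and is neither Kent's nor Schiller's code. Every concrete choice here is an assumption made for the demonstration: PBKDF2-HMAC-SHA256 as the pass-phrase stretching step, an HMAC counter stream as the PRNG, a 32-byte second seed wrapped by XOR with a pass-phrase-derived key, and secp256k1 as the key-pair algorithm (a tiny pure-Python scalar multiplication is included so the block runs with the standard library alone). The point it makes is the one in the message: decrypting the stored seed with a wrong pass phrase succeeds silently and returns random-looking bytes, so the only oracle a guesser has is the full pipeline of seed decryption, key derivation, scalar multiplication and comparison against the user's public key.

```python
import hashlib
import hmac
import secrets

# secp256k1 domain parameters (assumed curve choice for this example).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

ITERATIONS = 100_000  # constructed PBKDF2 work factor; tune for the deployment


def _add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7 over GF(P); None is the identity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, point=G):
    """Double-and-add; the 'key pair selection algorithm' of the message: pub = k*G."""
    result, addend = None, point
    while k:
        if k & 1:
            result = _add(result, addend)
        addend = _add(addend, addend)
        k >>= 1
    return result


def on_curve(pt):
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def prng_stream(seed: bytes, nbytes: int) -> bytes:
    """Deterministic byte stream from a seed (HMAC-SHA256 in counter mode)."""
    out, counter = b"", 0
    while len(out) < nbytes:
        out += hmac.new(seed, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:nbytes]


def derive_keys(passphrase: str, salt: bytes):
    """Stretch the pass phrase once; split into a seed-wrapping key and a mixing key."""
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return km[:32], km[32:]


def wrap_seed(seed: bytes, wrap_key: bytes) -> bytes:
    """XOR wrap/unwrap of the 32-byte second seed. Deliberately no MAC or padding:
    a wrong key yields 32 uniformly random-looking bytes, never an error."""
    return bytes(a ^ b for a, b in zip(seed, wrap_key))


def private_scalar(passphrase: str, salt: bytes, wrapped_seed: bytes) -> int:
    """Recreate the private key from (pass phrase, stored wrapped seed) instead of storing it."""
    wrap_key, mix_key = derive_keys(passphrase, salt)
    seed = wrap_seed(wrapped_seed, wrap_key)            # silently wrong if pass phrase is wrong
    master = hmac.new(mix_key, seed, hashlib.sha256).digest()
    # 48 bytes reduced mod N-1 keeps the bias negligible; scalar lies in [1, N-1].
    return int.from_bytes(prng_stream(master, 48), "big") % (N - 1) + 1


def enroll(passphrase: str):
    """Generate the stored material: a salt, the wrapped random seed, and the public key."""
    salt = secrets.token_bytes(16)
    seed = secrets.token_bytes(32)                       # the non-deterministic second seed
    wrap_key, _ = derive_keys(passphrase, salt)
    wrapped = wrap_seed(seed, wrap_key)
    pub = scalar_mult(private_scalar(passphrase, salt, wrapped))
    return salt, wrapped, pub


def verify_passphrase(passphrase: str, salt: bytes, wrapped: bytes, pub) -> bool:
    """The only confirmation available: does the regenerated key pair match the public key?"""
    return scalar_mult(private_scalar(passphrase, salt, wrapped)) == pub


if __name__ == "__main__":
    salt, wrapped, pub = enroll("correct horse battery staple")   # constructed pass phrase
    print("enrolled public key on curve:", on_curve(pub))
    print("correct pass phrase verifies:", verify_passphrase("correct horse battery staple", salt, wrapped, pub))
    print("wrong pass phrase verifies:  ", verify_passphrase("wrong guess", salt, wrapped, pub))
    # Decrypting the seed with a wrong pass phrase does not fail; it just returns other bytes.
    wrong_key, _ = derive_keys("wrong guess", salt)
    print("seed unwrap with wrong key still returns", len(wrap_seed(wrapped, wrong_key)), "bytes")
```

Note that a real deployment would add the usual protections this sketch omits (a constant-time comparison of the public key, a slow KDF sized to the hardware, and secure erasure of the scalar after use); the structure above is only meant to show where, in this design, the guess-confirmation step lives.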