>James A. Donald:
>The problem is that I assume that people find each other's IP and transient
>public key through the server. I also assume the user's computer is
>insecure, the user is ignorant and careless about security and the user may
>change computers from time to time. Thus his publi
At 09:48 AM 7/23/00 -0700, James A. Donald wrote:
...
> > > The public key is G^(p+q).
> > > The secret key is p+q, and the user never seeks to find out q.
> > > The server establishes the user's identity by verifying that he
> > > knows p corresponding to the shared secret G^p. It then, on a
> >
--
At 12:15 PM 7/22/2000 -0700, [EMAIL PROTECTED] wrote:
> You could have a slightly simpler system by just letting G^q be the
> user's public key,
Which gives the server unlimited power to read the user's mail and
impersonate the user, even if the user is using a high entropy passphrase.
--
At 02:36 PM 7/22/2000 -0400, David Jablon wrote:
> James,
>
> The approach of splitting the key into low and high entropy parts is
> obvious, but your solution is probably not obvious to very many
> people. At least it wasn't to me.
>
> Can you elaborate on the points below?
At
James,
The approach of splitting the key into low and high entropy parts is
obvious, but your solution is probably not obvious to very many people.
At least it wasn't to me.
Can you elaborate on the points below?
At 09:50 PM 7/21/00 -0700, James A. Donald wrote:
>On reflection, the obvious so
You didn't specify whether q was the same or different for everyone.
q must be different for every person, because if it were the same,
each user could deduce G^q by knowing p and G^(p+q), and from that
they can find other people's p values.
You could have a slightly simpler system by just lettin
--
James A. Donald:
>The problem is that I assume that people find each other's IP and
> transient public key through the server. I also assume the user's
> computer is insecure, the user is ignorant and careless about
> security and the user may change computers from time to time. Thu
--
At 06:16 PM 7/20/2000 -0400, David Jablon wrote:
> This is a solved problem, under slightly different assumptions.
At 07:34 AM 7/20/00 -0700, James A. Donald wrote:
> > One can achieve almost the same effect by having transient user
> > keys separate from the user logon key, random key
This is a solved problem, under slightly different assumptions.
At 07:34 AM 7/20/00 -0700, James A. Donald wrote:
> --
>Weak user keys.
>
>Suppose the user's key, p, may be weak and easily guessed from G^p
>
>Suppose the key server constructs for each user a strong supplementary
>key, q, whic
--
Weak user keys.
Suppose the user's key, p, may be weak and easily guessed from G^p
Suppose the key server constructs for each user a strong supplementary key,
q, which the server knows but the user does not know.
We would like the keyserver to protect people who are not so paranoid as