At 11:42 AM 05/10/2000 +0200, Sergio Tabanelli wrote:
>Perhaps this can be out of topic, but recently I was involved in a
>discussion on methods to generate strong passwords starting from an easy to
>remember word or sentence; there I proposed to use a private key to encrypt
>easy to remember words. Is this a valid or applicable method?
>
>[Ex Nihil, Nihil. If you start with only the universe of easy words,
>the maximum entropy of your passphrase is limited. Pull, stretch,
>squish and mangle it any way you like -- you cannot increase the
>entropy of something by a deterministic algorithm. You can at best
>obscure it well.... --Perry]

Steve Bellovin's Encrypted Key Exchange (EKE) and some related protocols
including A-EKE and SPEKE provide various ways to use a short shared secret
with random numbers and Diffie-Hellman to provide a stronger key exchange
than the shared secret alone could do.  The main objective is to make it
safer to use human-rememberable passphrases with low risks from
attacks like dictionary search.
                                Thanks! 
                                        Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639
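
An added sketch of the kind of exchange described in the reply above (not code from the original post or from the EKE/SPEKE authors): a SPEKE-style Diffie-Hellman run in which the password only selects the group generator and each side contributes a fresh random exponent. The RFC 2409 1024-bit group, the SHAKE-256 password hash, and the names `Party`, `password_generator` and `run_exchange` are assumptions of this example.

```python
import hashlib
import secrets

# 1024-bit safe prime from RFC 2409 (Oakley group 2): P = 2*Q + 1, Q prime.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2

def password_generator(password: str) -> int:
    """SPEKE base: square a hash of the password so it lands in the order-Q subgroup."""
    h = int.from_bytes(hashlib.shake_256(password.encode()).digest(128), "big")
    return pow(h, 2, P)

class Party:
    def __init__(self, password: str):
        self.g = password_generator(password)   # never sent on the wire
        self.x = secrets.randbelow(Q - 1) + 1   # fresh random exponent per session
        self.public = pow(self.g, self.x, P)    # the only value transmitted

    def session_key(self, peer_public: int) -> bytes:
        # Reject degenerate values that would force a predictable shared secret.
        if not 1 < peer_public < P - 1:
            raise ValueError("invalid peer value")
        shared = pow(peer_public, self.x, P)
        return hashlib.sha256(shared.to_bytes(128, "big")).digest()

def run_exchange(pw_a: str, pw_b: str):
    """Simulate both sides; returns the key each side derives."""
    a, b = Party(pw_a), Party(pw_b)
    return a.session_key(b.public), b.session_key(a.public)

if __name__ == "__main__":
    k1, k2 = run_exchange("correct horse", "correct horse")
    print("same password  -> keys match:", k1 == k2)
    k1, k2 = run_exchange("correct horse", "correct hoarse")
    print("wrong password -> keys match:", k1 == k2)
```

The password's own entropy is unchanged, as the moderator's note says; the strength of the session key comes from the random exponents, and the transmitted values differ on every run even for the same password.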
