Rick Smith <[EMAIL PROTECTED]> writes:
> If you can control the risk of off-line attacks (i.e. theft of the password
> file) then attackers are stuck performing on-line attacks. The system under
> attack can usually detect on-line attacks and take countermeasures to
> reduce the risk of a successful penetration.
> 
> A related strategy is to combine the simple secret with a larger, more
> random secret. But this provides better security only if you can keep
> attackers from stealing the larger secret. One approach is to embed the
> larger secret inside a tamper resistant device like a smart card, and set
> up a protocol that doesn't allow the secret to leak out. But there's still
> the challenge of protecting the copy of the secret stored on the server.

The SRP authors (http://srp.stanford.edu/) suggest that SRP can be
enhanced such that the server knows neither secret, only a verifier
for the secrets.  This means you have to extract the secret from the
smartcard itself.

The other technique worth mentioning is key stretching: artificially
increasing the time it takes to convert the passphrase into the form
used for verification.  Any attack based on the lower entropy of
passphrases will have to do this work for every trial passphrase,
potentially making it far more expensive.  See

John Kelsey, Bruce Schneier, Chris Hall, David Wagner, "Secure
Applications of Low-Entropy Keys",
http://www.counterpane.com/low-entropy.pdf

I also have a slightly longer summary on 
http://www.cluefactory.org.uk/paul/postings/news-619.txt
-- 
  __
\/ o\ [EMAIL PROTECTED]   *NOTE NEW EMAIL ADDRESS* \ /
/\__/ Paul Crowley   http://www.cluefactory.org.uk/paul/ /~\
