William Allen Simpson <[EMAIL PROTECTED]> writes:
> My requirements were (off the top of my head, there were more):
>
>  4) an agreed algorithm for generating private keys directly from 
>     the passphrase, rather than keeping a private key database.  
>     Moving folks from laptop to desktop has been pretty hard, and 
>     public terminals are useless.  AFS/Kerberos did this with a 
>     "well-known" string-to-key algorithm, and it's hard to convince 
>     folks to use a new system that's actually harder to use.  We need 
>     to design for ease of use!  

This is a major security weakness.  The strength of the key relies
entirely on the strength of the memorized password.  Experience has
shown that keys will not be strong if this mechanism is used.

There must be something more.  At a minimum it can be a piece of paper
with the written-down, long passphrase.  Or it can be a smart card
with your key on it.  Conceivably it could also be a secure server that
you trust and access with a short passphrase, where the server can log
incorrect passphrase guesses.  But if you can attack a public key purely
by guessing the memorized passphrase which generated the secret part,
the system will not be secure.
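To put numbers on the objection above, here is an added Python example (not code from this thread or from AFS/Kerberos) that implements a deterministic string-to-key derivation of the kind requirement 4 asks for and estimates the resulting key strength; the user identity, sample passphrase and dictionary size are constructed assumptions.

```python
import hashlib
import math

# Constructed sample inputs, not taken from the thread.
SAMPLE_USER = "alice@example.invalid"
SAMPLE_PASSPHRASE = "correct horse battery staple"
DICEWARE_WORDS = 7776          # assumed dictionary size, 6^5 words
KEY_BITS = 256                 # size of the derived secret


def derive_private_scalar(passphrase: str, user_id: str, log2_cost: int = 14) -> bytes:
    """Deterministic string-to-key: the same passphrase and identity always yield
    the same 32-byte secret, so no private-key database is needed.  The identity
    acts as the salt, which stops one table of guesses serving every user."""
    return hashlib.scrypt(passphrase.encode(), salt=user_id.encode(),
                          n=1 << log2_cost, r=8, p=1, dklen=KEY_BITS // 8)


def passphrase_entropy_bits(dictionary_size: int, word_count: int) -> float:
    """Entropy of a passphrase made of word_count uniformly chosen dictionary words."""
    return word_count * math.log2(dictionary_size)


def effective_strength_bits(passphrase_bits: float, kdf_log2_work: float,
                            key_bits: int = KEY_BITS) -> float:
    """Work (in bits) to recover the key by guessing the passphrase through the KDF.
    The KDF multiplies the per-guess cost by 2**kdf_log2_work; it cannot add more
    entropy than the passphrase has, so the result is capped by the key size."""
    return min(key_bits, passphrase_bits + kdf_log2_work)


if __name__ == "__main__":
    key = derive_private_scalar(SAMPLE_PASSPHRASE, SAMPLE_USER)
    words = len(SAMPLE_PASSPHRASE.split())
    entropy = passphrase_entropy_bits(DICEWARE_WORDS, words)
    print(f"derived secret: {key.hex()}")
    print(f"passphrase entropy: {entropy:.1f} bits for {words} words")
    print(f"effective strength: {effective_strength_bits(entropy, 14):.1f} bits "
          f"versus a {KEY_BITS}-bit key")
```

The derived secret is only as hard to find as the passphrase plus the KDF cost, which is the reply's point: a memorable four-word passphrase gives about 52 bits, and a 2^14 KDF adds 14 bits of work per guess, nowhere near the 256 bits the key size suggests.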
