----- Original Message ----- From: "Bill Stewart" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>; "William Allen Simpson" <[EMAIL PROTECTED]> Sent: Friday, December 08, 2000 11:58 PM Subject: Re: migration paradigm (was: Is PGP broken?) > A more important problem with passphrase-based keys is collisions - > two people picking wimpy passwords can end up with the same keys. > This means that you need to use something besides the key to differentiate > between the users. It's not always a problem - if you've got your > database of known public keys sorted by email address, it's ok, > but if you've got it sorted by public key, you may have a problem. Salt should take care of this (as well as reducing the effectiveness of dictionary attacks). Enzo
- Re: migration paradigm (was: Is PG... Rick Smith at Secure Computing
- Re: migration paradigm (was: I... Arnold G. Reinhold
- DOD rescues Iridium Arnold G. Reinhold
- Re: DOD rescues Iridi... David Honig
- Re: migration paradigm (was: I... Peter Fairbrother
- Re: migration paradigm (wa... Rick Smith at Secure Computing
- Re: migration paradig... Paul Crowley
- Re: migration paradig... Arnold G. Reinhold
- Re: migration par... Albert P. Belle Isle
- Re: migration paradigm (was: I... Bill Stewart
- Re: migration paradigm (wa... Enzo Michelangeli
- Re: migration paradig... Ray Dillinger
- Re: migration par... Paul Crowley
- Re: migration paradigm (was: Is PGP broken?... Steven M. Bellovin
- Re: Re: migration paradigm (was: Is PGP bro... sao19677
- Re: migration paradigm (was: Is PGP broken?... Antonomasia
- Re: migration paradigm (was: Is PGP broken?... Ray Dillinger
- Re: migration paradigm (was: Is PGP br... Enzo Michelangeli