On Sun, 10 Dec 2000, Enzo Michelangeli wrote:

>> A more important problem with passphrase-based keys is collisions -
>> two people picking wimpy passwords can end up with the same keys.
>
>Salt should take care of this (as well as reducing the effectiveness
>of dictionary attacks).

There are times and places where you can use salt, and times and places where you can't. In order to use salt with a passphrase, you have to store it somewhere. And that means that a person who has only the ciphertext and the passphrase cannot decrypt.

If you use salt, then the ciphertext can be decrypted only in an environment where that particular salt is available. That makes it nearly useless for networks or backups.

Bear
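The collision and salt points from this exchange, as an added example that is not part of the original message: it shows that unsalted derivation gives identical keys for identical passphrases, that a per-user salt separates them and defeats a table precomputed without it, and that re-deriving a salted key needs that same salt value. The `derive_key` function, the round count and the word list are assumptions constructed for illustration, not any particular product's key derivation.

```python
import hashlib
import os

ROUNDS = 1000  # assumed stretching count, kept low so the example runs quickly


def derive_key(passphrase: str, salt: bytes = b"") -> bytes:
    """Illustrative passphrase-to-key function: iterated SHA-256 over salt || passphrase."""
    digest = hashlib.sha256(salt + passphrase.encode("utf-8")).digest()
    for _ in range(ROUNDS):
        digest = hashlib.sha256(digest).digest()
    return digest


def precompute(wordlist, salt: bytes = b"") -> dict:
    """Map derived key -> candidate passphrase, valid for one salt value only."""
    return {derive_key(word, salt): word for word in wordlist}


def demo() -> dict:
    wordlist = ["letmein", "password", "qwerty"]  # constructed sample of weak passphrases

    # Unsalted: two users who pick the same passphrase hold the same key,
    # and one precomputed table covers every user at once.
    alice_plain = derive_key("letmein")
    bob_plain = derive_key("letmein")
    table = precompute(wordlist)

    # Salted: each user gets an independent random salt.
    alice_salt, bob_salt = os.urandom(16), os.urandom(16)
    alice_salted = derive_key("letmein", alice_salt)
    bob_salted = derive_key("letmein", bob_salt)

    return {
        "unsalted_collision": alice_plain == bob_plain,
        "salted_collision": alice_salted == bob_salted,
        "table_hit_unsalted": table.get(alice_plain),
        "table_hit_salted": table.get(alice_salted),
        # Re-deriving the key works only when the same salt is supplied.
        "rederive_with_salt": derive_key("letmein", alice_salt) == alice_salted,
        "rederive_without_salt": derive_key("letmein") == alice_salted,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```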