-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 26/07/13 21:42, Francisco Ruiz wrote: > PassLok performs public-key cryptography using the Diffie-Hellman > key exchange rather than RSA, so you can use whatever secret key > you want. Hopefully something that is both very hard to guess and > easy to remember, so you never have to write it down. PassLok will > help you to come up with a strong key, but won't force you in any > way.
Hi Francisco, It looks like you're generating a Diffie-Hellman key pair from a passphrase using PBKDF2 with no salt and a single iteration. That's a bad idea - the resulting key pair will be susceptible to a dictionary attack by anyone who knows the public key, or a message encrypted with the public key, or a message signed with the private key. Worse, because you don't use salt, the dictionary attack can be carried out in advance by building a rainbow table. Cheers, Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJR9DYyAAoJEBEET9GfxSfMNzsH/jU6WrzE7Y9jeLTtMBTahhJX KpzdmHSYp3D457YxLj2WVP4hj0fqf2ygaers3N9O2QRNU69tkv/eZZdbezCGcdWr FQ/Dg/hp7nMEKZTJEmkzKfxQUQkB7WRWxJsk9Bl15UehctsEPNkEcLT0SA75I8Q+ cWoEyfOF4/+jY+JgAoWi/rsU/G1Frlg/dwqS0MNvGTDLTvAeOPjJqlx+RWTG00kA 5SpoYYJJobxyR9b1GkbvapwaOSviuNGVYG8vNi5mNv/C55OGCWGIBm+L/RItf6Yl 8XNaSY9XJaVC1k6+q1QQTFlav8SzTBfzFLUoFcX+fOWd3gPgPtAjwfLv1moOuDc= =DJzx -----END PGP SIGNATURE----- -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
