[cryptography] no-keyring public

Krisztián Pintér pinterkr at gmail.com
Sat Aug 24 12:30:11 EDT 2013


hi list,

i had an epiphany today, and i wonder if such a thing already exists or not.

so the usual thing is to create a key pair, store the private key encripted with a password. we automatically get a two factor authentication, we have a "know" and a "have". okay, but what if we don't want this, and we want our old password only, no keyring approach?

we can do that. how about this? stretch the password with some KDF, derive a seed to a PRNG, and use the PRNG to create the the key pair. if the algorithm is fixed, it will end up with the same keypair every time. voila, no-keyring password-only public key cryptography.

do you see any downsides to that, besides the obvious ones that follow from the no-keyring requirement? (slow, weak password.)

has anybody done something like that already? does it have a name?


regs,
Krisztián



More information about the cryptography mailing list