[cryptography] no-keyring public

Greg Rose ggr at seer-grog.net
Sat Aug 24 13:03:21 EDT 2013

On Aug 24, 2013, at 9:30 , Krisztián Pintér <pinterkr at gmail.com> wrote:

> hi list,
> i had an epiphany today, and i wonder if such a thing already exists or not.
> so the usual thing is to create a key pair, store the private key encripted with a password. we automatically get a two factor authentication, we have a "know" and a "have". okay, but what if we don't want this, and we want our old password only, no keyring approach?
> we can do that. how about this? stretch the password with some KDF, derive a seed to a PRNG, and use the PRNG to create the the key pair. if the algorithm is fixed, it will end up with the same keypair every time. voila, no-keyring password-only public key cryptography.
> do you see any downsides to that, besides the obvious ones that follow from the no-keyring requirement? (slow, weak password.)

If everyone uses a unique generation algorithm, or stores some sort of salt, the situation hasn't changed; you still need the same storage. So assume that the algorithm is standard and has no stored inputs.

Then the password used becomes susceptible to the usual offline attacks. Since the public key is public, you can build rainbow tables, do arbitrary parallelization, etc. You'd definitely want to use a very strong password, even if the generation algorithm is slow. And you can't change it if it is compromised! (This might be the biggest problem.)

So, a few practicality problems, but otherwise I think it works. It has some parallels to Identity Based Encryption.


More information about the cryptography mailing list