[cryptography] no-keyring public

Jeffrey Goldberg jeffrey at goldmark.org
Sat Aug 24 13:37:25 EDT 2013

Szervusz Kristián.

On August 24, 2013 at 11:29:57 AM, Krisztián Pintér (pinterkr at gmail.com) wrote:
so the usual thing is to create a key pair, store the private key encripted with a password. we automatically get a two factor authentication, we have a "know" and a "have". 
Yep. We need both the private key file and the password to decrypt it. I’ve called this “one and a half factor” at times.

how about this? stretch the password with some KDF, derive a seed to a PRNG, and use the PRNG to create the the key pair. if the algorithm is fixed, it will end up with the same keypair every time. voila, no-keyring password-only public key cryptography. 
I’m not sure why this would be preferable to simply storing the password protected private key in a public place. It has the identical benefits in that the user doesn’t need to maintain and copy their private key from place to place, and it shares the same basic problem (you need a very good KDF and password), but it introduces other problems:

1. In your system the KDF for creating the seed to PRNG can’t be salted. And so two people with the same password will end up with the same key pair. (You could store the salt in some public place, but if you are doing to do that, you might as well store the encrypted private key.)

2. You can’t change your password without changing your key pair. (Though password changes don’t do a lot of good with the current system either.)

3. Key generation is slow and complex, presenting a greater opportunity for side channel attacks.

4. This means that we can never improve key generation. The particular heuristics that are used know with the identical parameters are things things that we will be stuck with.

5. Key generation is slow (as you mentioned)

If your goal is to not have to have people keep track of their private key files, I’m not sure that this is a good way to do that. (Though I recently encountered this problem. I didn’t have my private keys on my “travel” laptop. I thought I’d saved them in my password manager, but it turns out I’d only saved the public keys.)



More information about the cryptography mailing list