[cryptography] no-keyring public

Krisztián Pintér pinterkr at gmail.com
Sat Aug 24 14:14:00 EDT 2013


hello :)

> 1. In your system the KDF for creating the seed to PRNG can’t be
> salted. 

nope, it can't be.

> And so two people with the same password will end up with
> the same key pair.

for this reason, and others, a really strong key phrase is needed. this is definitely a problem, but it is a problem that i believe follows from the no-keyring requirement. i see no way around it.

> 3. Key generation is slow and complex, presenting a greater
> opportunity for side channel attacks.

that is also a problem, since the algo probably needs to be implemented and executed in a lot of places. otherwise, why no keyring? it is less of a problem if we have widely used high quality software libraries.

> 4. This means that we can never improve key generation.

we can. we can incorporate any easy to remember information in the key generation process. like version number, purpose, etc. it is technically part of the password, except does not have to be hard to guess. quite the opposite, it has to be straightforward to remember. kinda like i choose SSH1, SSH2 RSA, SSH2 DSA in puttygen.

as a weird approach, the program can even try to guess these. it can try to generate keypairs with different settings, and see which results in the proper public key.

> If your goal is to not have to have people keep track of their
> private key files, I’m not sure that this is a good way to do that.

do you see any weaknesses in this proposal that do not apply to all keyring-less, single-factor, pure-pwd approaches?
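The scheme discussed above, as an added example that is not part of the thread: an unsalted KDF over the passphrase plus an easy-to-remember context string (version, purpose), a deterministic key pair derived from the seed, and the "guess the settings" search that reproduces a known public key. It uses only the Python standard library; the group parameters, context labels and passphrases are constructed for illustration and are not a secure parameter set.

```python
import hashlib
import hmac

# Toy DH-style group, constructed for illustration only (NOT secure parameters).
P = (1 << 127) - 1   # the Mersenne prime 2^127 - 1
G = 5


def derive_seed(passphrase: str, context: str, iterations: int = 100_000) -> bytes:
    """Unsalted KDF: the only inputs are the passphrase and a context string
    (purpose, version, algorithm) that is easy to remember rather than secret.
    Same passphrase + same context always gives the same seed, for everyone."""
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), context.encode("utf-8"), iterations, dklen=32
    )


def keypair_from_seed(seed: bytes) -> tuple[int, int]:
    """Expand the seed into a private scalar deterministically, then derive the
    public value. No randomness enters, so the pair is fully reproducible."""
    digest = hmac.new(seed, b"private-scalar", hashlib.sha256).digest()
    x = int.from_bytes(digest, "big") % (P - 3) + 2      # private scalar in [2, P-2]
    y = pow(G, x, P)                                      # public value g^x mod p
    return x, y


def generate(passphrase: str, context: str = "ssh-v1") -> tuple[int, int]:
    """Full pipeline: passphrase + remembered context -> (private, public)."""
    return keypair_from_seed(derive_seed(passphrase, context))


def recover_context(passphrase: str, known_public: int, candidates: list[str]):
    """The 'let the program guess the settings' idea from the thread: regenerate
    the pair under each candidate context and return the one whose public value
    matches a public key we already hold, or None if none does."""
    for ctx in candidates:
        if generate(passphrase, ctx)[1] == known_public:
            return ctx
    return None


if __name__ == "__main__":
    # Two users with the same passphrase and context get the identical pair,
    # which is exactly the weakness raised in point 1 of the reply.
    print(generate("correct horse battery", "ssh-v1") == generate("correct horse battery", "ssh-v1"))
    # A different remembered context yields a different pair without a keyring.
    print(generate("correct horse battery", "ssh-v1") != generate("correct horse battery", "ssh-v2"))
```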
