James A. Donald jamesd at echeque.com
Sat Aug 24 17:58:55 EDT 2013

On 2013-08-25 2:30 AM, � wrote:
> hi list,
> i had an epiphany today, and i wonder if such a thing already exists or not.
> so the usual thing is to create a key pair, store the private key encripted with a password. we automatically get a two factor authentication, we have a "know" and a "have". okay, but what if we don't want this, and we want our old password only, no keyring approach?
> we can do that. how about this? stretch the password with some KDF, derive a seed to a PRNG, and use the PRNG to create the the key pair. if the algorithm is fixed, it will end up with the same keypair every time. voila, no-keyring password-only public key cryptography.
> do you see any downsides to that, besides the obvious ones that follow from the no-keyring requirement? (slow, weak password.)
> has anybody done something like that already? does it have a name?

Attacker applies dictionary attack.

To avoid dictionary attack, use zero knowledge passphrase proof (ZKPP) to 
obtain passphrase authenticated key agreement with a server (for which 
the acronym is PAKE, not PAKA as one might expect).

Server supplies a unique salt, derived from the server's secret and the 
user login, which the user combines with his passphrase.

