[cryptography] no-keyring public

James A. Donald jamesd at echeque.com
Sat Aug 24 18:19:32 EDT 2013

On 2013-08-25 7:58 AM, James A. Donald wrote:
> On 2013-08-25 2:30 AM, � wrote:
>> hi list,
>> i had an epiphany today, and i wonder if such a thing already exists 
>> or not.
>> so the usual thing is to create a key pair, store the private key 
>> encrypted with a password. we automatically get a two factor 
>> authentication, we have a "know" and a "have". okay, but what if we 
>> don't want this, and we want our old password only, no keyring approach?
>> we can do that. how about this? stretch the password with some KDF, 
>> derive a seed to a PRNG, and use the PRNG to create the key pair. 
>> if the algorithm is fixed, it will end up with the same keypair every 
>> time. voila, no-keyring password-only public key cryptography.
>> do you see any downsides to that, besides the obvious ones that 
>> follow from the no-keyring requirement? (slow, weak password.)
>> has anybody done something like that already? does it have a name?
> Attacker applies dictionary attack.
> To avoid dictionary attack, use zero knowledge passphrase proof 
> (ZKPP) to obtain passphrase authenticated key agreement with a server 
> (for which the acronym is PAKE, not PAKA as one might expect)
> Server supplies a unique salt, derived from the server's secret and 
> the user login, which the user combines with his passphrase

If user has strong passphrase, server cannot guess user's secret key.

If user has weak passphrase, server, but not eavesdropper, can 
reconstruct secret key by dictionary attack.
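
The scheme discussed in this thread, as an added example that is not part of the original posts: a passphrase is stretched into a deterministic key pair, with a per-user salt derived from a server secret and the login. PBKDF2, HMAC-SHA256 for the salt, X25519 as the key type, and all names and sample values are assumptions made for the illustration.

```python
import hashlib
import hmac

P = 2**255 - 19  # Curve25519 field prime

def x25519_public(secret):
    """RFC 7748 X25519 ladder on base point u=9 (not constant-time; demo only)."""
    k = bytearray(secret)
    k[0] &= 248; k[31] &= 127; k[31] |= 64  # clamp the scalar
    k = int.from_bytes(k, "little")
    x1, x2, z2, x3, z3, swap = 9, 1, 0, 9, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def server_salt(server_secret, login):
    """Per-user salt from the server's secret and the user login."""
    return hmac.new(server_secret, login.encode(), hashlib.sha256).digest()

def derive_keypair(passphrase, salt):
    """The KDF output is the private key, so equal inputs give the same pair.
    The iteration count is kept low so the demo runs quickly."""
    seed = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 20_000)
    return seed, x25519_public(seed)

def guess_passphrase(public, salt, wordlist):
    """Offline check that anyone holding the salt can run against a public key."""
    for word in wordlist:
        if derive_keypair(word, salt)[1] == public:
            return word
    return None

SERVER_SECRET = b"constructed-server-secret"       # constructed sample value
WORDS = ["letmein", "hunter2", "correct horse"]    # constructed word list
SALT = server_salt(SERVER_SECRET, "alice")
PUB = derive_keypair("hunter2", SALT)[1]
```

With the salt, the word list recovers a weak passphrase from the public key alone; with any other salt the same search finds nothing.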