At 02:20 PM 9/22/98 +0100, Mok-Kong Shen wrote:
Bruce Schneier wrote:
At 12:48 PM 9/22/98 +0100, Mok-Kong Shen wrote:
Bruce Schneier wrote:
He uses a remembered secret and some mathematical magic.
Another naive question: Why is the remembered secret not sufficient (thus doing away with the magic)?
One of the significant improvements is that the scheme is immune to offline password guessing attacks.
If the 'mathematical magic' is not to be kept secret (as in principle shouldn't for all crypto algorithms) then presumably one could attack through brute forcing the 'remembered secrect', I guess.
Yes, but only through an on-line protocol. And if the server has some kind of "turn the user off after ten bad password guesses," then the atack doesn't work.
(I suppose the 'remembered secret' has less bits then the 'password' that is to be retrieved from the pool of millions with the 'mathematical magic'). So the advantages of the scheme appear to remain unclear as a matter of principle.
The advantages are that offline password guessing is impossible. Bruce ********************************************************************** Bruce Schneier, President, Counterpane Systems Phone: 612-823-1098 101 E Minnehaha Parkway, Minneapolis, MN 55419 Fax: 612-823-1590 Free crypto newsletter. See: http://www.counterpane.com