Bruce Schneier wrote:
(I suppose the 'remembered secret' has fewer bits than the 'password' that is to be retrieved from the pool of millions with the 'mathematical magic'). So the advantages of the scheme appear to remain unclear as a matter of principle.
The advantages are that offline password guessing is impossible.
The 'I' word always makes me nervous - do you really mean that, or do you just mean "very difficult"?

Cheers,

Ben.

--
Ben Laurie            |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689| http://www.apache.org/
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd,     |Apache-SSL author    http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache/

WE'RE RECRUITING! http://www.aldigital.co.uk/