
Timothy C. May wrote:
I haven't seen this particular idea, but a general point to always bear in mind is that "entropy doesn't increase" (despite what you may have heard about that other kind of entropy....).
To wit, if there are N bits of entropy in a passphrase (or whatever is the basic key, be it typed in, read from a floppy, whatever), then no amount of deterministic crunching by a PRNG (or whatever) will increase this.
(I say "deterministic" in the sense that all parties presumably need to run the same PRNG and get the same output from the same "seed" (= passphrase, in this scheme). Thus, the PRNG cannot add additional randomness or entropy. Unless I am misunderstanding the proposal...)
So, if the passphrase is 22 characters, as in the "Safemail" proposal (such as it is), that's all that can be gotten. Period. There just aren't enough "places" in the space of starting points. Anyone with access to the algorithms used to process the 22 characters (154 bits if 7 bits are used for each character) can brute force search the space in a relatively short time. (If the later processing algorithms are supposed to be "secret," then of course this is a cryptographic faux pas of the first magnitude, usually dismissed as "security through obscurity.")
Generally agreed, but I would like to mention a couple of points. I would argue that 154 bits of entropy is enough, but then I would also argue that a 22 character passphrase is unlikely to generate these 154 bits of entropy.

Gary
--
pub 1024/C001D00D 1996/01/22 Gary Howland <gary@systemics.com>
Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06
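To put numbers on the two bounds discussed in the thread, here is an added Python example (not from either poster): an entropy ceiling for a passphrase of a given length and alphabet, and a deterministic stretch that, as Tim says, cannot raise that ceiling, because recovering the derived key costs only as many trials as there are seeds. The alphabet sizes and the iterated SHA-256 stretch are my assumptions standing in for the unspecified Safemail PRNG.

```python
import hashlib
import itertools
import math


def max_entropy_bits(length: int, alphabet_size: int) -> float:
    """Upper bound on passphrase entropy: every character drawn uniformly
    and independently from an alphabet of the given size.  22 characters of
    7-bit ASCII gives the 154 bits quoted in the thread; a 26-letter alphabet
    gives far less, and English text less still."""
    return length * math.log2(alphabet_size)


def derive_key(passphrase: str, rounds: int = 1000) -> bytes:
    """Deterministic stretching (iterated SHA-256, an assumption standing in
    for the proposal's PRNG).  The same seed always yields the same 256-bit
    key, so the output can never hold more entropy than the seed had."""
    digest = passphrase.encode()
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest


def trials_to_recover(target_key: bytes, alphabet: str, length: int,
                      rounds: int = 1000) -> int:
    """Exhaustively walk the seed space and return how many derivations were
    needed to reproduce target_key.  The cost is bounded by
    alphabet_size ** length, regardless of the key's 256-bit size; this is
    the 'entropy doesn't increase' point made concrete."""
    for n, chars in enumerate(itertools.product(alphabet, repeat=length), 1):
        if derive_key("".join(chars), rounds) == target_key:
            return n
    return -1  # seed lies outside the assumed alphabet/length


if __name__ == "__main__":
    print(f"22 chars, 7-bit ASCII : {max_entropy_bits(22, 128):.1f} bits")
    print(f"22 chars, a-z only    : {max_entropy_bits(22, 26):.1f} bits")
    # Constructed toy seed: 3 characters over a 4-letter alphabet, 64 seeds total.
    key = derive_key("bad")
    print(f"256-bit key recovered after {trials_to_recover(key, 'abcd', 3)} trials")
```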