Safemail
Deranged Mutant
WlkngOwl at unix.asb.com
Fri Jun 21 01:36:10 PDT 1996
On 20 Jun 96 at 12:28, Andrew Loewenstern wrote:
[..]
> There are other, more serious, drawbacks to such a scheme though. You can't
> change your passphrase without changing your public key. People can try to
> guess your passphrase with only your public key. Crack can guess peoples
> account passwords something like 24% of the time. I doubt the average joe
> would use much better passphrases for their secret key. That's a scary
> thought!! At least with PGP someone has to get a copy of the encrypted
> secret key first.
You could require *very good* passphrases.
Rather than changing a passphrase, revoke the key. Perhaps expire
keys after a certain period of time.
Longer lasting keys (such as a digital timestamp service) would save
private keys with a protected password instead.
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto)
AB1F4831 1993/05/10 Deranged Mutant <wlkngowl at unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.
More information about the cypherpunks-legacy
mailing list