Bitcoin Forum
April 20, 2014, 05:42:06 AM *
News: Due to the OpenSSL heartbleed bug, changing your forum password is recommended.
   Home   Help Search Donate Login Register  
Pages: [1]
Author Topic: Secret keys could be memorizable  (Read 1077 times)
Offline Offline

Activity: 98

Misspelling protects against dictionry attacks NOT

View Profile

July 01, 2011, 08:23:10 AM

CAUTION: Don't understand this as a tutorial. You should not use any of this ideas for important key generation! This may affect security in the very core, because the security of ECDSA is based on the assumption that each possible key is as likely as any other!

This thread is meant as an idea for a techie and crypto-geek discussion.

Why generate random ECDSA private keys and encrypt them with AES then using weaker passwords?

In principle it should be possible to use the password directly as private key. How?

You have the eliptic curve, and the generator element A. You chose a password p and calculate q = (pA). p is not easy to calculate from q (discrete logarithm on eliptic curves), that's the basis of the whole ECDSA system.

New weaknisses:
- you can brute force private keys (e.g. via dictionary attacks) now and test whether they imply the known public key

Possible advantages:
- brute forcing private keys may be harder than brute forcing AES (or other) file encryption

What do you think? I got this idea a few minutes ago, there may be flaws I just didn't see yet.

Pages: [1]
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!