[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Secret public keys



At 02:34 PM 7/23/99 -0400, David Chen wrote:
>I thought we like the public key as "public" as possible. (so that to
>prevent attack)
>How can someone want a "secret" for "public" key ?
>If it is secret, then it is private.
>Don't you agree?

To see the definition of "secret public keys" in this thread, read
David Kemp's original message as forwarded by Stephen Waters.

"Secret public keys" can be used in several ways, typically to protect
a private key that may be otherwise vulnerable to a brute-force attack.
For example, a private key may be encrypted under a weak encryption
key derived from a password.  When the encryption key can
be brute-forced, there's a risk that someone who obtains the encrypted
private key and the public key can crack the private key.

The principle of a *persistent* secret public key is to
distribute the public key on a "need-to-know" basis.
This greatly reduces the exposure to such attack.

A related concept is *ephemeral* secret public keys.
These form the basis for many strong password protocols.
The general idea is to choose a one-time public/private key pair,
integrate them with a password in a special way, and perform a key
exchange with another party.  The public/private keys are then discarded.
The result is that only parties with the same password will
be able to negotiate a large session key, without
exposing the small password to brute-force attack.

For examples, you can see slides from a presentation
on protocols that use both of these concepts:
<www.IntegritySciences.com/rsa99/index.html>

---------------------------------------------------
David P. Jablon           dpj@xxxxxxxxxxxxxxxxxxxxx
President                 +1 508 898 9024
Integrity Sciences, Inc.  www.IntegritySciences.com