Sciweavers

FGCS
2000

Protecting secret keys with personal entropy

13 years 11 months ago
Protecting secret keys with personal entropy
Conventional encryption technology often requires users to protect a secret key by selecting a password or passphrase. While a good passphrase will only be known to the user, it also has the flaw that it must be remembered exactly in order to recover the secret key. As time passes, the ability to remember the passphrase fades and the user may eventually lose access to the secret key. We propose a scheme whereby a user can protect a secret key using the "personal entropy" in his own life, by encrypting the passphrase using the answers to several personal questions. We designed the scheme so the user can forget answers to a subset of the questions and still recover the secret key, while an attacker must learn the answer to a large subset of the questions in order to recover the secret key.
Carl M. Ellison, Chris Hall, Randy Milbert, Bruce
Added 18 Dec 2010
Updated 18 Dec 2010
Type Journal
Year 2000
Where FGCS
Authors Carl M. Ellison, Chris Hall, Randy Milbert, Bruce Schneier
Comments (0)