Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Subject: Re: Weak user keys, strong servers.
From: James A. Donald (jamesdecheque.com)
Date: Sun Jul 23 2000 - 10:50:01 CDT

At 12:15 PM 7/22/2000 -0700, halfinney.org wrote:
> You could have a slightly simpler system by just letting G^q be the
> user's public key,

Which gives the server unlimited power to read the users mail and
impersonate the user, even if the user is using a high entropy passphrase.

> It's a little unclear what your security model is, whether the
> client is trusted or not.

That is because I am looking for both belt and braces to keep the users
pants up.

I want a system that is invulnerable to outsiders who have no knowledge of
the passphrase and infrequent and limited access to the user's machine and
no power over the server, even if the user chooses a weak passphrase, and a
system that is also invulnerable to outsiders with power over the server if
the user chooses a strong passphrase and they have no access to the user's

          James A. Donald