Author: William Yager 2014-03-12 21:15:01
Published on: 2014-03-12T21:15:01+00:00
In an email exchange, Jean-Paul Kogelman raised concerns about the potential for a third party to crack passwords in the event of outsourcing StrongH calculation. However, he emphasized that even if the password was exposed, the key material would still be safe. Furthermore, if people felt strongly about this vulnerability, step 4 could be adjusted to make password recovery more expensive. Will clarified that if one chooses to outsource StrongH calculation and the machine is compromised, the security of the password is reduced to a single round of salted PBKDF2-HMAC-SHA512, but the private key would still remain on the trusted device regardless of the circumstance.
Updated on: 2023-06-08T14:45:46.210280+00:00