Protecting Secret Keys with Personal Entropy
Publication: Journal of Future Generation Computer Systems, Volume 16, Number 4
Page(s): 311 - 318
Publisher: Elsevier Science
Source 1: http://www.schneier.com/paper-personal-entropy.pdf
Source 2: http://www.schneier.com/paper-personal-entropy.ps.gz
Source 3: http://dx.doi.org/10.1016/S0167-739X(99)00055-2 - Subscription or payment required
Conventional encryption technology often requires users to protect a secret key by selecting a password or passphrase. While a good passphrase will only be known to the user, it also has the flaw that it must be remembered exactly in order to recover the secret key. As time passes, the ability to remember the passphrase fades and the user may eventually lose access to the secret key. We propose a scheme whereby a user can protect a secret key using the "personal entropy" in his own life, by encrypting the passphrase using the answers to several personal questions. We designed the scheme so the user can forget answers to a subset of the questions and still recover the secret key, while an attacker must learn the answer to a large subset of the questions in order to recover the secret key.
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.