David V. wrote:
> Hi Shachar,
> Congratulations for the first Security prize of the Freedom Trophy Award.
> How can I generate an rsa key pair from a password?
Short answer - you can't.
> I would like to give the user of the program the option to remember
> only a password instead of saving the keys on a CD or a USB stick.
I empathize deeply. Users find the whole public/private concept way too
complicated to understand. The problem is that an RSA key is not like an
AES key. Very few of the bit sequences that are the right length can
actually act as a key. It's not even as if you can use a password as a
seed for a random number generator that will find the right key. You
need as much entropy as the key length for good key finding, and a
password simply doesn't cut it. It'll have to be one long password.
But, fear not, for as a movie once said, I have you an answer. Simply
have your users generate a password-protected RSA key, and store it for
them. That way, the password is the secret missing for you to be able to
Of course, there is a fly in the ointment :-) Rsyncrypto does not do
password-protected RSA keys. You will have to have your users decrypt
the key prior to sending it to rsyncrypto, I'm afraid.
> Thanks a lot in advance for your answer.
So you won't thank me after? :-(
> David V.
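
The approach suggested in the reply above (keep a password-protected RSA key in storage, decrypt it only just before handing it to rsyncrypto), shown with the OpenSSL command line. This is an added example, not part of the original message; the function names, file names and passphrases are constructed for the demo.

```shell
#!/bin/sh
# Added example. Function names, file names and passphrases are constructed.
# Passphrases are read from files so the demo runs unattended; drop the
# -pass/-passin options to have openssl prompt the user instead.

# gen_protected_key OUT PASSFILE
# Create a 2048-bit RSA private key, stored AES-256 encrypted under the passphrase.
gen_protected_key() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -aes-256-cbc -pass "file:$2" -out "$1" 2>/dev/null
}

# unlock_key IN OUT PASSFILE
# Write the decrypted key to OUT, readable by the owner only.
# On a wrong passphrase: fail and leave no partial OUT behind.
unlock_key() {
    (
        umask 077
        if openssl pkey -in "$1" -passin "file:$3" -out "$2" 2>/dev/null; then
            exit 0
        fi
        rm -f "$2"
        exit 1
    )
}

# is_encrypted FILE: succeeds if the PEM file is passphrase protected.
is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'correct horse battery staple' > "$dir/pass"  # constructed
    printf '%s\n' 'wrong guess' > "$dir/bad"                    # constructed
    gen_protected_key "$dir/stored.pem" "$dir/pass" || { rm -rf "$dir"; return 1; }
    is_encrypted "$dir/stored.pem" && echo "stored key is encrypted"
    unlock_key "$dir/stored.pem" "$dir/bad.pem" "$dir/bad" \
        || echo "wrong passphrase rejected"
    unlock_key "$dir/stored.pem" "$dir/plain.pem" "$dir/pass" \
        && echo "key unlocked: pass plain.pem to rsyncrypto, then delete it"
    rm -rf "$dir"
}
demo
```

The decrypted copy is the sensitive artifact here: keep it on local or in-memory storage and remove it as soon as rsyncrypto has finished.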