Thomas said:
Michael said:
Thomas said:
Michael Wojcik wrote:
(It's also likely that they can simply determine the password by
looking at your script. There are ways to prevent that - for example,
by implementing an irreversible function as the verifier - but [...]
It is not possible to prevent the determination of the password; it is only
possible to make it expensive for the cracker. Every encryption algorithm
is susceptible to a brute force key search attack.
I'm not talking about encryption; I'm talking about one-way verifiers.
A verifier includes either a decryption or an encryption algorithm.
That's simply wrong. You clearly do not know what you're talking about
in this case.
Probably the most common password-verification functions today are
based on cryptographic hash functions. They don't use encryption or
decryption algorithms.
Zero-knowledge-proof verifiers, as used in e.g. SRP-3 and PAK-RY, don't
use encryption or decryption algorithms.
Yes, there is, for the verifier will return success then. That is its function.
No, the verifier proves that a preimage is a preimage. It doesn't
prove that it's the password, which is one possible preimage. This is
an elementary property of irreversible functions.
While I don't agree with that, I have also not debated that
You're wrong twice there. First, there cannot be a "one-way encryption
function", because "encryption" (as a term of art) implies decryption,
which implies a bijection, and so excludes a one-way function. Second,
you clearly claim, in the passage quoted above, that the "irreversible
function" implements an "encryption algorithm", so you did in fact
implicitly claim that there was such a thing as a one-way encryption
algorithm. There is not, and your sentence above makes no sense.
SHA-256 is a proper one-way function. So is every other lossy compressor.
An asymmetrically-difficult, believed-one-way, lossless function is
the discrete log problem. Another is the constructed-Hamiltonian-path
problem, sometimes used (at least conceptually, if not in practice)
for a zero-knowledge proof.
This is all very basic cryptographic math. Read Schneier, or the
sci.crypt FAQ.
I'll note in passing that the parenthetical above from my previous
post isn't correct as stated; I compressed two related but distinct
concepts - lossy functions (surjections) and lossless but
asymmetrically difficult functions ("trapdoor" bijections) - into
one-way functions. Obviously one-way surjections are known to exist;
all surjections are at least partially one-way, by definition. The
open problem is whether there are any bijections that are really
always asymmetrically difficult (i.e., much easier to compute than to
reverse).
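
Added example, not part of the original post or written by any participant in the thread: a hash-based password verifier with no encryption or decryption step, followed by a search showing that the verifier accepts any preimage of the stored value, not only the password. The password, the fixed salt, the 2-byte toy tag length, the single iteration and the function names are all assumptions chosen so the search finishes quickly; a real record uses a random salt, the full-length output and a high iteration count.

```python
import hashlib
import hmac
import os

def make_verifier(password, salt=None, iterations=200_000, tag_len=32):
    """Build the stored record (salt, iterations, tag). There is no key and nothing to decrypt."""
    salt = os.urandom(16) if salt is None else salt
    tag = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=tag_len)
    return salt, iterations, tag

def verify(candidate, record):
    """Recompute the one-way function on the candidate and compare in constant time."""
    salt, iterations, tag = record
    got = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, iterations, dklen=len(tag))
    return hmac.compare_digest(got, tag)

def find_other_preimage(record, password, limit=5_000_000):
    """Return some input other than the password that the verifier accepts, or None."""
    for i in range(limit):
        candidate = f"guess-{i}"  # constructed candidate strings
        if candidate != password and verify(candidate, record):
            return candidate
    return None

PASSWORD = "correct horse"  # constructed sample password
SALT = bytes(16)            # fixed salt so the demo is reproducible; use os.urandom in practice

def demo():
    # Toy record: output truncated to 16 bits so a second preimage is cheap to find.
    toy = make_verifier(PASSWORD, SALT, iterations=1, tag_len=2)
    other = find_other_preimage(toy, PASSWORD)
    # Same function at full output length: the stand-in preimage no longer passes.
    full = make_verifier(PASSWORD, SALT, iterations=1, tag_len=32)
    return other, verify(other, toy), verify(other, full), verify(PASSWORD, full)

if __name__ == "__main__":
    other, ok_toy, ok_full, pw_full = demo()
    print("second preimage for the toy verifier:", other)
    print("toy accepts it:", ok_toy, "| full-length accepts it:", ok_full)
    print("full-length accepts the real password:", pw_full)
```

The toy verifier returns success for a string that is not the password, which is the sense in which success only shows that the input is a preimage. Lengthening the output and raising the iteration count raise the cost of such a search without introducing any reversible step.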