<div dir="ltr">If he's using Curve25519, it's actually super-trivial to take any 256-bit value and modify it to a curve point (<a href="http://cr.yp.to/ecdh.html#use">http://cr.yp.to/ecdh.html#use</a>). So you could, for example, SHA256(passphrase), then make it into the private key point, multiple by the base point to get the public key. This is a pretty repeatable process for key generation. Of course, I'd also hope there's some hardening beyond a plain SHA256, but it doesn't seem you could do anything involving salting, since you need to regenerate the same key each time. (Or, I suppose, put the salt into the public key, and make sure the user gets their own public key first when regenerating?)</div>
<div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Jul 7, 2014 at 2:21 PM, Jim Kinney <span dir="ltr"><<a href="mailto:jim.kinney@gmail.com" target="_blank">jim.kinney@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">generating the same private and public keys on the fly during every login<br>
is both pretty cool and yet a bit unnerving. Hopefully the eliptic curve<br>
algorithms are the ones that have been patched from the weakend versions<br>
the NSA tampered with.<br>
<div><div class="h5"><br>
<br>
On Mon, Jul 7, 2014 at 4:47 PM, Boris Borisov <<a href="mailto:bugyatl@gmail.com">bugyatl@gmail.com</a>> wrote:<br>
<br>
> <a href="http://www.wired.com/2014/07/minilock-simple-encryption/" target="_blank">http://www.wired.com/2014/07/minilock-simple-encryption/</a><br>
><br>
> --<br>
> Sent from Gmail Mobile<br>
> -------------- next part --------------<br>
> An HTML attachment was scrubbed...<br>
> URL: <<br>
> <a href="http://mail.ale.org/pipermail/ale/attachments/20140707/75de961c/attachment.html" target="_blank">http://mail.ale.org/pipermail/ale/attachments/20140707/75de961c/attachment.html</a><br>
> ><br>
> _______________________________________________<br>
> Ale mailing list<br>
> <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
> See JOBS, ANNOUNCE and SCHOOLS lists at<br>
> <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
><br>
<br>
<br>
<br>
</div></div>--<br>
--<br>
James P. Kinney III<br>
<br>
Every time you stop a school, you will have to build a jail. What you gain<br>
at one end you lose at the other. It's like feeding a dog on his own tail.<br>
It won't fatten the dog.<br>
- Speech 11/23/1900 Mark Twain<br>
<br>
<br>
*<a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a><br>
<<a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a>>*<br>
<div class="">-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
</div>URL: <<a href="http://mail.ale.org/pipermail/ale/attachments/20140707/8b0da882/attachment.html" target="_blank">http://mail.ale.org/pipermail/ale/attachments/20140707/8b0da882/attachment.html</a>><br>
<div class="HOEnZb"><div class="h5">_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>David Tomaschik<br>OpenPGP: 0x5DEA789B<br><a href="http://systemoverlord.com" target="_blank">http://systemoverlord.com</a><br><a href="mailto:david@systemoverlord.com" target="_blank">david@systemoverlord.com</a>
</div>