Revision as of 01:02, 13 July 2024 edit LucGommans (talk \| contribs) 65 edits →An improved password manager: Rewording and add details to the two mentioned implementations. Remove unsourced sentence that I think I know what it was referring to (from the SPHINX paper) but seemed misleading to me (because more goes into it than just the master/main password) and the mechanism is now explained in more detail by the new text ← Previous edit		Revision as of 15:49, 8 September 2024 edit undo 2001:8e0:2069:100:300e:97d6:c8c4:c5a7 (talk) →Definition: correction: hash function -> pseudorandom function Next edit →
Line 10: * The first-party (''the client''), knows the ''input'' ('''I''') and learns the ''output'' ('''O''') but does not learn the ''secret'' ('''S''') * The second-party (''the server''), knows the ''secret'' ('''S'''), but does not learn either the input ('''I'''), nor the output ('''O'''). * The function has the same security properties as any (cryptographically secure) [[~~Cryptographic hash~~Pseudorandom function family\|~~cryptographically~~pseudorandom ~~secure~~function]]. Specifically it shall be hard to distinguish the output from [[Cryptographically secure pseudorandom ~~function:~~number generator#Requirements\|true randomness]]. It is hard to find two inputs with the same output (i.e. it is [[Hash collision\|collision resistant]]) It is hard to invert (i.e. it is resistant to [[preimage attack]]s) ** It is hard to distinguish the output from [[Cryptographically secure pseudorandom number generator#Requirements\|true randomness]] The function is called an ''Oblivious'' Pseudorandom Function, because the second-party is ''oblivious'' to the function's output. This party learns no new information from participating in the calculation of the result.

Oblivious pseudorandom function: Difference between revisions