Cryptography-Digest Digest #215, Volume #11      Mon, 28 Feb 00 17:13:01 EST

Contents:
  Q: 'Linear encipherment' (Mok-Kong Shen)
  RE: RSA deppading ("Yo")
  Re: RSA deppading (Michael Sierchio)
  Re: On jamming interception networks (Mok-Kong Shen)
  Re: Question about OTPs (Gaston Taylor)
  Re: NSA SPIES ON THE  POPE, MOTHER THERESA AND DIANA! (Mary - Jayne)
  Re: Can someone break this cipher? (Mary - Jayne)
  Re: Can someone break this cipher? (Mary - Jayne)
  Re: Can someone break this cipher? (Mary - Jayne)
  Re: Can someone break this cipher? (Mary - Jayne)
  Re: Encryption (only) in a extremely small program? (~1.4KB) (Mike Rosing)
  Re: Passwords secure against dictionary attacks? (Johnny Bravo)
  Re: Beginner Help ? (Alex MacPherson)
  Re: Crypto Speeds... (Wei Dai)
  Re: Encryption (only) in a extremely small program? (~1.4KB) ("Giovanni Moretti")
  Re: Passwords secure against dictionary attacks? (Dave Howe)
  Re: code still unbroken (Stephen Houchen)
  Re: Can someone break this cipher? ("Adam Durana")
  Re: increasing key length through Hashing (omail@.REMOVESPAM.emnetonline.f9.co.uk)
  Re: Want to poke holes in this protocol? ("Lyalc")

----------------------------------------------------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Q: 'Linear encipherment'
Date: Mon, 28 Feb 2000 18:18:48 +0100

Kahn (p.407) wrote in connection with the Hill cipher the following:

     But from a purely theoretical standpoint, the matrix
     encipherment is less secure than a linear encipherment
     of the same number of letters. This is because the linear
     encipherment employs a greater number of arbitrary key
     constants in its equations. Many of the matrix constants
     reduce to zero when the matrix equations are written out
     in their linear equivalent.

I guess I know what Kahn 'probably' meant, but that's only a very
uncertain 'guess'. Hence questions:

1. What is a 'linear encipherment'? I didn't find that in the
   index of Kahn's book. Further, aren't matrix operations
   'linear' operations?

2. When comparing the strength of algorithms, one has to use the 
   same amount of key materials (the same entropy) in order to
   be fair. When Kahn claimed that one is less secure than the 
   other, wasn't he basing his argument on different amounts of 
   key materials? (One certainly could employ more key materials
   with the Hill cipher by applying the scheme twice, for 
   example.) But that would mean that his argument is invalid. 
   Could someone please elaborate his point with a mini-example?

Thanks in advance.

M. K. Shen

------------------------------

From: "Yo" <[EMAIL PROTECTED]>
Subject: RE: RSA deppading
Date: Mon, 28 Feb 2000 18:09:02 +0100

But if you encrypt text + random number, on the other side (decrypt) there
must be an application that is able to distinguish between the text (suppose
it is not of fixed size) and the random numbers. Am I correct? If so, what
hardware/software is it that performs this function (suppose you have a smart
card and you must encrypt the message: must the smart card add the random
number, or must the application (software) do it)?
Thanks.


Ian Michael Ash <[EMAIL PROTECTED]> wrote in news message
89dqos$2pl6$[EMAIL PROTECTED]
> One often pads the real data that you're going to encrypt with a series of
> random numbers to make the message longer and increase entropy(?). Perhaps
> this reference is to stripping off the random numbers that were added to the
> end of the message, i.e. you decrypt the RSA message, then strip off the
> random padding, and you're left with the original message.
>
> Ian
>
> Yo wrote in message <89dl6a$7fa$[EMAIL PROTECTED]>...
> >
> >Does anybody know what "RSA deppading" is? When does it apply?
>

------------------------------

From: Michael Sierchio <[EMAIL PROTECTED]>
Subject: Re: RSA deppading
Date: Mon, 28 Feb 2000 09:36:50 -0800

Yo wrote:
> 
> But if you encrypt text + random number, on the other side (decrypt) there
> must be an application that is able to distinguish between the text (suppose
> it is not of fixed size) and the random numbers. Am I correct? If so, what
> hardware/software is it that performs this function (suppose you have a smart
> card and you must encrypt the message: must the smart card add the random
> number, or must the application (software) do it)?

See PKCS#1 for description of OAEP and PKCS1-v1_5 padding schemes.

        "You can't do anything anymore without ASN.1"

                -me
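The PKCS#1 v1.5 encryption padding Michael points to is exactly what answers the question of how the decrypting side tells message from random filler. The following is an added example (not code from either poster or from any library) that implements only the padding layer of EME-PKCS1-v1_5 for a k-byte block; the RSA operation itself is assumed to wrap the block outside this code, and the message and block size are constructed for the demonstration:

```python
"""EME-PKCS1-v1_5 padding and depadding (RFC 8017, section 7.2).

Added illustration of how the receiver separates message from padding.
The encoded block is

    EM = 0x00 || 0x02 || PS || 0x00 || M

where PS is at least eight non-zero random octets.  Because PS contains
no zero byte, the first 0x00 after position 1 marks where M begins, so
no length field needs to be sent.  k is the RSA modulus size in bytes.
"""
import secrets


def pkcs1_v15_pad(message: bytes, k: int) -> bytes:
    """Encode `message` into a k-octet block ready for RSA encryption."""
    m_len = len(message)
    if m_len > k - 11:
        raise ValueError("message too long for this modulus")
    ps_len = k - m_len - 3                       # >= 8 by the check above
    # PS: random octets drawn from 1..255 so none of them is the separator.
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(ps_len))
    return b"\x00\x02" + ps + b"\x00" + message


def pkcs1_v15_unpad(em: bytes, k: int):
    """Strip the padding.  Returns the message, or None on any defect.

    The whole block is scanned and every check is folded into one verdict,
    so the caller learns only 'valid' or 'invalid' and not which check
    failed.  Leaking the failing check is the classic v1.5 decryption
    oracle, which is why PKCS#1 recommends OAEP for new designs.
    """
    ok = (len(em) == k) & (k >= 11) & (len(em) >= 2)
    sep = -1                                     # index of the first 0x00 after PS
    for i in range(2, len(em)):
        if em[i] == 0 and sep < 0:
            sep = i
    if len(em) >= 2:
        ok &= (em[0] == 0x00) & (em[1] == 0x02)
    ok &= sep >= 10                              # at least 8 octets of PS
    return bytes(em[sep + 1:]) if ok else None


if __name__ == "__main__":
    # Constructed example: a 1024-bit modulus gives k = 128.
    em = pkcs1_v15_pad(b"hello, smart card", 128)
    print(em.hex())
    print(pkcs1_v15_unpad(em, 128))
```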

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: On jamming interception networks
Date: Mon, 28 Feb 2000 18:49:28 +0100

Douglas A. Gwyn wrote:
> 
> The intelligence agencies are not interested in anything you send
> me, I assure you, unless you are on their watch list.  If your
> messages are being watched, the analysts will be able to sort the
> information from the chaff.

How do you 'know' that? Do you happen to have an oracle? Of course,
your first sentence above is not 'logically wrong', because it 
contains the constraint 'unless ......'. Now, how do I know whether 
I am or I am not on their watch list? What are the precise criteria
for a person to have the honour of being on that list? Do you
'really' know that? And, more importantly, how are these criteria 
applied by them in practice (as against in theory), i.e. could
there be (intended or unintended) 'mistakes'?
 
> > .. They certainly work on encrypted messages, since the
> > probability that these contain secrets is 'by definition' high.
> 
> No!  First: routine traffic is not of interest no matter what its
> format.  (Much Internet traffic is binary data; that doesn't make
> it automatically interesting.)  Second: under your proposed plan,
> the probability that an encrypted attachment to a message would
> contain interesting information would be even *lower* than it is
> now.

To the first point: Compare above. To the second point: The very 
purpose of the suggestion IS to make the probability of anything 
that they work on to contain interesting information 'lower' than
it is now, in fact as low as possible, which means that the 
efficiency of their work will be very low (hopefully zero), thus
attaining the intended purpose of jamming.

M. K. Shen

------------------------------

From: Gaston Taylor <[EMAIL PROTECTED]>
Subject: Re: Question about OTPs
Date: 28 Feb 2000 17:50:49 GMT



"Douglas A. Gwyn" wrote:
> 
> Tim Tyler wrote:
> > A deterministic compressor is not likely to be capable of producing a
> > uniform distribution of cyphertexts - because some messages are sent more
> > frequently than others.
> 
> That could be taken into account.  Any really efficient compression
> scheme needs to take into account the statistical properties of the
> population from which messages are drawn.
> 
> However, truly *perfect* compression would mean not having to
> transmit *any* information, since the model would be perfect and
> the receiver could obtain the next message by stepping the model
> one click.  As Shannon explained long ago, information has to do
> with surprise.  If there is no surprise, the information content
> is zero.

------------------------------

From: [EMAIL PROTECTED] (Mary - Jayne)
Subject: Re: NSA SPIES ON THE  POPE, MOTHER THERESA AND DIANA!
Date: Mon, 28 Feb 2000 18:08:52 GMT

On Sun, 27 Feb 2000 16:08:01 -0000, "Joseph Ashwood" <[EMAIL PROTECTED]>
wrote:

>I'm not sure I agree with you. I was for the fight against
>turning the US (where I live) communist not because I wanted
>to follow the rich, but because communism as it has been
>practiced is a losing proposition.

I have a similar view of capitalism.

Regards,

MJ

http://www.xarabungha.btinternet.co.uk/

http://website.lineone.net/~c.j.stevens/

------------------------------

From: [EMAIL PROTECTED] (Mary - Jayne)
Subject: Re: Can someone break this cipher?
Date: Mon, 28 Feb 2000 18:05:55 GMT

On Sun, 27 Feb 2000 12:26:48 -0500, "A [Temporary] Dog"
<[EMAIL PROTECTED]> wrote:

>The above link is 404 compliant.  Did you mean -
>http://www.xarabungha.btinternet.co.uk/xicrypt/xichallenge.htm

My apologies for that.

>The challenge at xicrypt/xichallenge.htm doesn't give any details of
>the algorithm, just a bunch of raw ciphertext.  In general, "can you
>break this cipher" posts are a bad idea.  In particular, even with a
>complete description, you'll have a hard time getting knowledgeable
>people to analyze your cipher.  Without a description, no one will
>bother.

That is fine by me :-)
I am working on the Simon Singh Cipher Challenge where, other than the first
few to get one interested, he does not explain to the reader how to win 10
grand by giving a detailed description of how he encoded his text.
Similarly, I don't think the Germans sent an Enigma machine over to England
in 1939 with a note saying 'Hi chaps, this is our new kit and this is how it
works'.

Regards,

MJ

http://www.xarabungha.btinternet.co.uk/

http://website.lineone.net/~c.j.stevens/

------------------------------

From: [EMAIL PROTECTED] (Mary - Jayne)
Subject: Re: Can someone break this cipher?
Date: Mon, 28 Feb 2000 18:05:56 GMT

On Sun, 27 Feb 2000 13:05:17 -0500, "Adam Durana"
<[EMAIL PROTECTED]> wrote:

>You should publish your algorithm if you truly want to test its security,
>not just post some cipher text.  Also if you want anyone to trust your
>algorithm you are going to have to make it public eventually.  Personally I
>don't tend to pay much attention to challenges where people just dump a bunch
>of ciphertext and say break this.

Please see my response to the previous post.

Regards,

MJ

http://www.xarabungha.btinternet.co.uk/

http://website.lineone.net/~c.j.stevens/

------------------------------

From: [EMAIL PROTECTED] (Mary - Jayne)
Subject: Re: Can someone break this cipher?
Date: Mon, 28 Feb 2000 18:05:56 GMT

On 27 Feb 2000 18:20:26 GMT, [EMAIL PROTECTED] (Bill Unruh) wrote:

>So why are you trying to reinvent the wheel?

An interesting perspective.

> If this is a game for you, then go ahead.

Thank you for my freedom.

>If you want to use this to actually hide material whose
>exposure would do you serious harm, then use something which has been
>seriously tested. Cryptanalysis is serious, and not easy stuff. Why
>would a serious cryptanalyst want to spend his time looking at your
>cypher?

Oh get you, big boy.

> If you want to fool yourself no one will be terribly interested
>( except perhaps your enemies). On the other hand if you start trying to
>sell this, then you are opening yourself up for damages if you make
>claims about its security.

Thank you for condescending to reply to someone as minuscule as I.


Regards,

MJ

http://www.xarabungha.btinternet.co.uk/

http://website.lineone.net/~c.j.stevens/

------------------------------

From: [EMAIL PROTECTED] (Mary - Jayne)
Subject: Re: Can someone break this cipher?
Date: Mon, 28 Feb 2000 18:05:57 GMT

On Sun, 27 Feb 2000 18:52:03 GMT, Boris Kazak <[EMAIL PROTECTED]>
wrote:

>This is the beginning of your plaintext.
>This message is intentionally left unencrypted.
>
>Три дня не унимается, бушует океан,
>Как хуй в пизде болтается кораблик по волнам.
>В каюте класса первого Садко богатый гость
>Гандоны рвет об голову, свою срывая злость!

That is nothing like the beginning of my plaintext.
I am intrigued to know how you produced it however.

Regards,

MJ

http://www.xarabungha.btinternet.co.uk/

http://website.lineone.net/~c.j.stevens/

------------------------------

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: Encryption (only) in a extremely small program? (~1.4KB)
Date: Mon, 28 Feb 2000 12:27:14 -0600

dywalsh wrote:
> 
> Is it possible to do public key ENcryption in a program of
> approx. one and a half kilobytes?

Yes.  

> I am investigating the idea of doing application level
> encryption for WAP. There is a lower-level protocol for
> encryption, WTLS, but apart from the weakness of that (see other
> messages in this group), there are other issues in that you either
> have to provide your own WAP gateway ($$$, hassle) or deal with
> all the network providers (who may not have WTLS).]
> 
> This system would encrypt only. There is no need for decryption
> (i.e. only need to encrypt sensitive user-entered info such as
> passwords or credit details), and the keys would be generated on
> the server. So all that is required is that this program encrypt
> certain data using a public key provided by the server. The
> language used would be WMLScript, a language derived from
> javascript.
> 
> I am no expert on cryptography. What algorithms could provide
> this in such a small program, and how would the strength of
> these algorithms compare with whatever is used in SSL?

It depends on how good your compiler is.  The basics of any PK
algorithm don't take up very much space if it's done in assembler.
Start adding system OS overhead and things blow up fast.

> For instance I have looked at the code of an implementation of
> Blowfish, but for starters it defines a set of arrays with
> values for Pi, S0 to S3, which alone is a massive amount of data
> in this context.

Blowfish is a symmetric key cipher, not a public key.  Are you sure
public key is what you need?

Patience, persistence, truth,
Dr. mike

------------------------------

From: Johnny Bravo <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,alt.security.pgp
Subject: Re: Passwords secure against dictionary attacks?
Date: Mon, 28 Feb 2000 14:32:28 +0000

On Mon, 28 Feb 2000 14:42:17 GMT, [EMAIL PROTECTED] (Lincoln
Yeoh) wrote:

>>  And just these two words have 1.2 billion permutations for 30 bits of
>>password with the separators you've given.  Add in a third word and you
>
>Yep, as I was telling Ilya two words is not enough.  

  Depends on the application, if I had a system that locked you in a room
with the keyboard and executed you after 3 incorrect entries, it would be
more than enough. :)

>>  40 bits for that, and trying to remember 5 or 6 of them would be over
>>kill and very hard to remember.  Diceware is very suited to mnemonic aids
>
>Hmm, I recalculated. Just remember four 6 character passwords. Or five 5
>char passwords. 

  I find garbage passwords a pain in the neck to try to memorize, but some
people would have no problem with it.  A person with a photographic memory
for instance. :)

>Remembering four passwords isn't that difficult is it? Just make sure you
>do NOT use those four anywhere else.
>
>Diceware is a good idea if it suits your brain. Two diceware words = one 5
>character alphanumeric password, so mix and match if you wish. e.g. two
>diceware words with 3 passwords.

  For me Diceware is easier as I can make up a sentence or two that uses
the words as a mnemonic, allowing me to pretty easily remember 8 words for
104 bits.  I've long passed needing the mnemonic, but it was very handy
when I first started using it.

-- 
  Best Wishes,
    Johnny Bravo

"The most merciful thing in the world, I think, is the inability
of the human mind to correlate all its contents." - HPL

------------------------------

From: Alex MacPherson <[EMAIL PROTECTED]>
Subject: Re: Beginner Help ?
Date: Mon, 28 Feb 2000 15:07:29 -0500

Norman,

        One way is to use bit masks.  Because byte is a signed integer in 2's
complement format, the bit masks for a byte in Java would be -128, 64, 32,
16, 8, 4, 2, and 1.  It is often convenient to declare a bit mask array.

static final byte fBitmask[] = {1, 2, 4, 8, 16, 32, 64, -128};


        To check if a bit is set, AND the byte with the bit mask and check if the
result is not zero.

        To set a bit, OR it with the bit mask.

        There's probably an easier way, but I find this simple enough.

Alex 

Norman Little wrote:
> 
> Hi,
> 
> I am implementing demonstration applets in JAVA for DES, and have become a
> little stuck.
> 
> I am trying to manipulate the bits of the characters by using the getBytes()
> function in java, which returns an array of bytes for the string supplied.
> The only problem is, how do I then manipulate the individual bits for each
> character after I have created the byte array for the string ?
> 
> thanks
> 
> Norman
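Added example (not Alex's or Norman's code) of the same AND-to-test, OR-to-set idiom, carried through to the use Norman has for it: applying the DES initial permutation to the 64-bit block that a string's bytes give. It is written in Python, whose byte values are unsigned, so the high-bit mask is 0x80 where Java's signed byte needs -128; the IP table is the one from FIPS 46-3, and the 8-byte sample string is constructed for the demonstration:

```python
"""Bit-level access to a byte string, as a DES demonstration needs it.

Bits are numbered 1..64 left to right as in the DES standard (FIPS 46),
so bit 1 is the most significant bit of the first byte.  Python bytes
elements are unsigned 0..255; the mask for the top bit is therefore 0x80
(in Java the same mask is the signed byte -128).
"""


def get_bit(data: bytes, n: int) -> int:
    """Return bit n (1-based) as 0 or 1: AND with the mask, test for non-zero."""
    byte = data[(n - 1) // 8]
    mask = 0x80 >> ((n - 1) % 8)
    return 1 if byte & mask else 0


def set_bit(data: bytearray, n: int, value: int) -> None:
    """Set (OR with the mask) or clear (AND with the inverted mask) bit n in place."""
    i = (n - 1) // 8
    mask = 0x80 >> ((n - 1) % 8)
    if value:
        data[i] |= mask
    else:
        data[i] &= (~mask) & 0xFF            # stay within one byte


def permute(block: bytes, table, out_bits: int) -> bytes:
    """DES-style permutation: output bit i takes input bit table[i-1]."""
    out = bytearray(out_bits // 8)
    for i, src in enumerate(table, start=1):
        set_bit(out, i, get_bit(block, src))
    return bytes(out)


# DES initial permutation IP, from FIPS 46-3.
IP = (58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
      62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
      57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
      61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7)


def invert(table):
    """Inverse of a permutation table; invert(IP) is the DES final permutation."""
    inv = [0] * len(table)
    for i, src in enumerate(table, start=1):
        inv[src - 1] = i
    return tuple(inv)


IP_INV = invert(IP)


def bits(data: bytes) -> str:
    """Render a byte string as groups of 8 bits, handy for a teaching applet."""
    return " ".join(f"{b:08b}" for b in data)


if __name__ == "__main__":
    block = "DESdemo!".encode("ascii")       # 8 bytes = 64 bits, like getBytes()
    print(bits(block))
    print(bits(permute(block, IP, 64)))
    print(bits(permute(permute(block, IP, 64), IP_INV, 64)))
```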

------------------------------

From: Wei Dai <[EMAIL PROTECTED]>
Subject: Re: Crypto Speeds...
Date: Mon, 28 Feb 2000 12:24:42 -0800

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> Is there any place on the Internet where we can find specific
> information about speeds with specific processors and specific
> operations? (Benchmarks, etc...). For example, what is the time required
> by  Processor 'X' at speed 'Y' MHz to perform a hash of a (say) 10Mb
> document using (say) RIPEMD160?

http://www.eskimo.com/~weidai/benchmarks.html

It's for Intel Celeron running at 450 MHz, but you can download the 
benchmark program (part of a free crypto library) and run your own 
benchmarks on other processors.

------------------------------

From: "Giovanni Moretti" <[EMAIL PROTECTED]>
Subject: Re: Encryption (only) in a extremely small program? (~1.4KB)
Date: Tue, 29 Feb 2000 09:58:09 +1300

Hi
If you find that symmetric encryption (same encrypt/decrypt key) will do,
check out http://ciphersaber.gurus.com/

It describes a version of RC4 designed by Ron Rivest which is strong
encryption but has a tiny algorithm (less than 20 lines of C or basic) plus
a 256 byte array and another (say 100 bytes) for the key. Simple, tiny, fast
and strong, but unfortunately, not public key :=(

Cheers
Giovanni

dywalsh <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Is it possible to do public key ENcryption in a program of
> approx. one and a half kilobytes?
>
> [Background:
> I am investigating the idea of doing application level
> encryption for WAP. There is a lower-level protocol for
> encryption, WTLS, but apart from the weakness of that (see other
> messages in this group), there are other issues in that you either
> have to provide your own WAP gateway ($$$, hassle) or deal with
> all the network providers (who may not have WTLS).]
>
> This system would encrypt only. There is no need for decryption
> (i.e. only need to encrypt sensitive user-entered info such as
> passwords or credit details), and the keys would be generated on
> the server. So all that is required is that this program encrypt
> certain data using a public key provided by the server. The
> language used would be WMLScript, a language derived from
> javascript.
>
> I am no expert on cryptography. What algorithms could provide
> this in such a small program, and how would the strength of
> these algorithms compare with whatever is used in SSL?
>
> For instance I have looked at the code of an implementation of
> Blowfish, but for starters it defines a set of arrays with
> values for Pi, S0 to S3, which alone is a massive amount of data
> in this context.
>
> Thank you for any help/pointers you can provide.
>
>

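CipherSaber-1, as Giovanni describes it, is small enough to show in full. This is an added example, not code from the post or from the CipherSaber site; the construction is Arnold Reinhold's: RC4 keyed with the user key followed by a 10-byte IV, with the IV sent in clear ahead of the ciphertext. RC4's keystream biases are why it is now prohibited in TLS (RFC 7465), so read this as a study of how little code a complete cipher needs; the key and message below are constructed for the demonstration.

```python
"""CipherSaber-1: RC4 with a 10-byte random IV appended to the key.

    ciphertext = IV || RC4(user_key || IV) XOR plaintext

The IV makes each message use a different RC4 key, which plain RC4 does
not do for you.  The whole cipher is the 256-entry state array plus the
two loops below, which is the 'tiny algorithm' the post refers to.
"""
import secrets
from typing import Iterator, Optional

IV_LEN = 10


def rc4_keystream(key: bytes) -> Iterator[int]:
    """Yield RC4 keystream bytes for `key` (1..256 bytes)."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    # Key-scheduling algorithm: permute the identity state with the key.
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm.
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Plain RC4: XOR data with the keystream (encryption == decryption)."""
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))


def ciphersaber_encrypt(key: bytes, plaintext: bytes,
                        iv: Optional[bytes] = None) -> bytes:
    """Return IV || ciphertext.  A fresh random IV is drawn unless one is supplied."""
    iv = secrets.token_bytes(IV_LEN) if iv is None else iv
    if len(iv) != IV_LEN:
        raise ValueError("IV must be exactly 10 bytes")
    return iv + rc4_crypt(key + iv, plaintext)


def ciphersaber_decrypt(key: bytes, message: bytes) -> bytes:
    """Split off the IV, rebuild the per-message RC4 key, undo the XOR."""
    iv, ct = message[:IV_LEN], message[IV_LEN:]
    if len(iv) != IV_LEN:
        raise ValueError("message too short to contain an IV")
    return rc4_crypt(key + iv, ct)


if __name__ == "__main__":
    # Constructed key and message for the demonstration.
    msg = ciphersaber_encrypt(b"asdfg", b"This is a test of CipherSaber.")
    print(msg.hex())
    print(ciphersaber_decrypt(b"asdfg", msg))
```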
------------------------------

From: Dave Howe <DHowe@hawkswing>
Subject: Re: Passwords secure against dictionary attacks?
Date: Mon, 28 Feb 2000 21:35:09 +0000
Reply-To: DHowe@get_email_from_sig

In our last episode (<alt.security.pgp>[27 Feb 2000 12:43:19 EST]),
[EMAIL PROTECTED] (Guy Macon) said :
>In article <[EMAIL PROTECTED]>, DHowe@hawkswing (Dave Howe) wrote:
>
>>Hmm. if I had to come up with a rule of thumb here, I would count any
>>English word (or $LANGUAGE word for that matter) as being two random
>>characters; so ten English words with non-space separators would be
>>equivalent to a 29-character truly random password - which is
>>definitely non-trivial to crack.
>
>Two characters can have 65,536 possible values (much less if
>you only use what's available on your keyboard).  There are many
>more english words than that.  Throw in one easy to remember
>nonword like fnurbish or queekle and you make a dictionary attack
>a LOT harder. 
Hey, it's a rule of thumb. If it is a grammatically valid English
sentence, then the amount of true randomness will be much reduced -
not to mention the limited pool you are drawing the separator
characters from (probably the typable English punctuation from a
standard US keyboard). If I were to suggest someone use chained English
words for a passphrase, I would rate it at between 16-24 bits per
word.
> 
>>However, it is also non-trivial to type - particularly in password
>>mode when you can't see the text.
>
>When I decided on my 54 character passphrase, I wrote a program on
>an old non-networked 486 to test me on it twice a day.  I practiced
>until I was very fast and accurate at touchtyping it.  When I worked
>on high security projects I got in the habit of putting a thick piece
>of black felt over my hands as I type in my password.  
*nodnod* sounds like a good plan. I don't type passphrases in company
anyhow, just in the machine room when (effectively) alone :+)


------------------------------

From: Stephen Houchen <[EMAIL PROTECTED]>
Subject: Re: code still unbroken
Date: Mon, 28 Feb 2000 15:38:57 -0600

> > Most of the correspondence I get from cryptanalysis folk about the code I
> > devised at discovervancouver.com sneers at its triviality. I still harbor a
> > belief that SOMEONE out there will crack it, and win the prize ... which
> > goes up one cent a minute, and is now well over $3,000.
>
> That little thing?  cracked it in six hours.  Now I am waiting for the
> prize to increase to my chosen target point.  Talk to you later!!!

So... what's your chosen target point? ;)

S
[EMAIL PROTECTED]


------------------------------

From: "Adam Durana" <[EMAIL PROTECTED]>
Subject: Re: Can someone break this cipher?
Date: Mon, 28 Feb 2000 16:40:55 -0500

> That is fine by me :-)
> I am working on the Simon Singh Cipher Challenge where, other than the first
> few to get one interested, he does not explain to the reader how to win 10
> grand by giving a detailed description of how he encoded his text.
> Similarly, I don't think the Germans sent an Enigma machine over to England
> in 1939 with a note saying 'Hi chaps, this is our new kit and this is how it
> works'.

Since you told me to refer to this one I'll reply to it also.  You did not
post saying it was some sort of challenge, as the ciphers are in The Code
Book.  You posted asking if your algorithm could be broken; if you are truly
interested in seeing if the algorithm is secure you'll make it public.  I
forget who said it but, "security through obscurity" is what you are trying
to do here.  And that's a BIG NO NO.  So if you are serious about testing
the security of your cipher you'll have to make it public.

- Adam Durana




------------------------------

From: omail@.REMOVESPAM.emnetonline.f9.co.uk
Subject: Re: increasing key length through Hashing
Date: Mon, 28 Feb 2000 21:54:26 +0000

Thanks Anton, your advice is greatly appreciated.

hehe - I can't pay you for it, but the source code will be available.

-Emrul

Anton Stiglic wrote:

> [EMAIL PROTECTED] wrote:
>
> > I tried to increase key length for user supplied keys that were smaller
> > than the maximum key length an algorithm could support. Below is the
> > source code for that section of code [from Borland C++ Builder] -=- if
> > anyone sees anything wrong with it or has a better way of doing
> > something similar then please get back to me.
> >
>
> Hashing the key once (or twice, one time for each hash algo), does that
> make the key much more secure?   When an attacker wants to do a
> dictionary attack on small keys, he just has to hash the key the same
> way you did.  Kelsey et al. have a paper called "Secure Applications
> of Low-Entropy Keys" (I'm sure you can find it on www.couterpane.com)
> in which they describe a way to stretch keys in a way that forces an
> attacker doing a dictionary attack to spend a lot of CPU time (they just
> iteratively hash the key a lot of times).
> But in any case, I also have some comments on the code, below:
>
> >
> > -Emrul
> >
> >  /* If keysize entered is less than keysize of algorithm, data needs
> >             to be hashed to at least the length of KeySize.*/
> >         if ((state.Key.Length() * 8) < CryptAlgoData->KeySize)
> >         {
> >             TRMD160Context  RMDContext;
> >             TRMD160Digest   RMDDigest;
> >             TSHA1Context    SHAContext;
> >             TSHA1Digest     SHADigest;
> >             long            pos, x;
> >             int KeyLength;
> >             AnsiString      TmpStr;
> >
> >             pos = 0;
> >             KeyLength = Key.Length();
> >             RMD160Init(RMDContext);
> >             SHA1Init(SHAContext);
> >             /*
> >                 1. Use RipMD160 Hash Algorithm to generate a 160bit
> >                         hash.
> >                 2. Feed the output of RipMD160 to SHA1 Hash algorithm
> >                          and
> >                     concatenate the output with the original input.
> >                 3. Repeat 1 and 2 until the number of bytes of hash =
> >                 the KeySize.
> >             */
> >             do
> >             {
> >                 RMD160Update(RMDContext, FinalKeyData, KeyLength);
> >                 RMD160Final(RMDContext, RMDDigest);
> >                 for (x = 0; x < 20; x++)
> >                 {
> >                     if (pos  <= (CryptAlgoData->KeySize / 8))
> >                     {
> >                         FinalKeyData[pos] = RMDDigest[x];
> >                         KeyLength = pos;
>
> You are affecting KeyLength in each iteration of the if loop, you could
> simply affect it at the end, outside of the if scope.
>
> >
> >                         pos++;
>
> You can put that pos++ in the if, something like
>     if (pos ++ <= (CryptAlgoData->KeySize / 8))
>
> >
> >                     }
> >                     else
> >                         break;
> >                     }
> >                 SHA1Update(SHAContext, FinalKeyData, KeyLength);
> >                 SHA1Final(SHAContext, SHADigest);
> >                 for (x = 0; x < 20; x++)
> >                 {
> >                     if (pos <= (CryptAlgoData->KeySize / 8))
> >                     {
> >                         FinalKeyData[pos] = SHADigest[x];
> >                         KeyLength = pos;
>
> Same comment here....
>
> >                         pos++;
> >                     }
> >                     else
> >                         break;
> >                 }
> >             } while (pos  < (CryptAlgoData->KeySize / 8));
> >
> >         } /* End key initialisation*/
>
> You need to make sure that you overwrite everything that was in SHADigest
> (and the other hash context).  That is, write '0' in it to fill it up.   An
> attacker could read 'left over' memory and grab the key if not...
>
> my $0.02...
>
> Anton
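Added example (not Emrul's or Anton's code) of the stretching Anton describes: iterating the hash so that every dictionary guess costs the attacker as many hash calls as the legitimate user spends once. It is written as PBKDF2 (RFC 8018) over HMAC-SHA1 so each step is visible, including how the output is extended past a single digest, which the posted code did by concatenating RIPEMD-160 and SHA-1 digests. The salt and the RFC 6070 test inputs are assumptions for the demonstration, not anything from the thread.

```python
"""Key stretching by iterated hashing, in the standardised PBKDF2 form.

A single hash of a short key costs the attacker one hash per guess; this
derivation costs `iterations` PRF calls per guess for attacker and user
alike, and the salt stops one precomputed dictionary serving every user.
"""
import hashlib
import hmac


def pbkdf2(password: bytes, salt: bytes, iterations: int, dklen: int,
           hash_name: str = "sha1") -> bytes:
    """PBKDF2 as in RFC 8018, section 5.2, with HMAC-<hash_name> as the PRF."""
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    hlen = hashlib.new(hash_name).digest_size
    n_blocks = -(-dklen // hlen)                # ceil(dklen / hlen)
    out = bytearray()
    for i in range(1, n_blocks + 1):
        # U_1 = PRF(P, S || INT(i)); U_j = PRF(P, U_{j-1}); T_i = U_1 ^ ... ^ U_c
        u = hmac.new(password, salt + i.to_bytes(4, "big"), hash_name).digest()
        t = bytearray(u)
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hash_name).digest()
            for k in range(hlen):
                t[k] ^= u[k]
        out += t                                # T_1 || T_2 || ... extends past one digest
    return bytes(out[:dklen])


def matches_stdlib(password: bytes, salt: bytes, iterations: int, dklen: int,
                   hash_name: str = "sha1") -> bool:
    """Cross-check the hand-written derivation against hashlib's implementation."""
    expected = hashlib.pbkdf2_hmac(hash_name, password, salt, iterations, dklen)
    return pbkdf2(password, salt, iterations, dklen, hash_name) == expected


if __name__ == "__main__":
    import time
    # Constructed password and salt: shows how the per-guess cost grows with c.
    for c in (1, 1000, 100_000):
        t0 = time.perf_counter()
        pbkdf2(b"short user key", b"constructed-salt", c, 32)
        print(f"{c:>7} iterations: {time.perf_counter() - t0:.4f} s per guess")
```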


------------------------------

From: "Lyalc" <[EMAIL PROTECTED]>
Subject: Re: Want to poke holes in this protocol?
Date: Tue, 29 Feb 2000 09:01:11 +1100

It is not indicated how 'b's software and public key will remain on 'a's
machine, in untampered form.
You still limit the assurance that 'b' has as to who 'a' actually is - the
PC does not equate to the security features of an ATM or Debit PINpad.  At
the end of a session, all 'b' knows is that 'a's password was used.
For the first session, ok.  Subsequent sessions may be the result of
exposing 'a's password to a keyboard sniffer.

But, as a simple channel key management idea, not too bad.  Why isn't SSL
good enough?


Johan Hoogenboezem wrote in message <[EMAIL PROTECTED]>...
>Hi Everyone,
>
>Would some of you please help me to poke holes in this scenario?
>
>1. A Bank called 'B' installs a program on a customer called Alice's
>computer.
>2. Alice uses this program to do her banking with B over the Internet.
>3. The program generates a new secret key 'K' that is to be used for a
>symmetrically encrypted conversation between Alice and B, encrypts it
>using B's public key and sends it to B.
>4. B takes its private key, decrypts the message, gets K and sets things
>up to use K for symmetrical encryption/decryption between Alice and B.
>5. From now on the conversation between Alice and B is encrypted using
>K.
>6. (Encrypted) The program now asks Alice to enter her password and
>sends it to B.
>7. (Encrypted) B takes the password and logs Alice on to B's systems.
>8. (Encrypted) Alice does her banking.
>9. Alice or B ends the conversation.
>
>A few notes:
>============
>1. A 'B' representative installs the software on Alice's computer and
>stores B's public key onto it.
>2. Alice is solely responsible for restricting access to her computer.
>3. Alice is solely responsible for keeping her password for logging onto
>B's systems a secret.
>4. A new secret key 'K' is generated and used every time Alice uses the
>program.
>
>So, what's wrong with this picture?
>
>Thanks
>Johan
>
>email: [EMAIL PROTECTED]
>



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
