Bill Frantz wrote:
>If the challenger selects several of his stored challenges, and asks the
>token reader to return a secure hash of the answers (in order), no
>information will be leaked about the response to any individual challenge.
>This procedure will allow the challenger to perform a large number of
>verifications with a relatively small number of stored challenge-response
>pairs.

I don't think this works. A malicious reader could remember all the challenges it gets and record all the responses it measures (before hashing). If the number of possible challenges is small, the malicious reader might learn the entire challenge-response dictionary after only a few interactions. From that point on, the malicious reader would be able to spoof the presence of the token. (Of course, if malicious readers aren't a threat, then you don't need fancy uncloneable tokens. A simple cryptographic key written on a piece of paper suffices.)

So I think you really do need to use a different challenge every time.
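
The coverage argument in the reply above, as an added simulation that is not part of either poster's message: a challenger reuses a small stored set, the reader sees every raw response before hashing, and the count shows how quickly the whole dictionary is exposed. Assumptions: HMAC-SHA256 with a constructed secret stands in for measuring the physical token, and all function names and the pool sizes (16 stored pairs, 4 per verification) are hypothetical.

```python
import hashlib
import hmac
import random

SECRET = b"constructed-token-secret"  # stands in for the token's physical structure

def token_response(challenge: int) -> bytes:
    """Model of measuring the token (assumption: HMAC replaces the physics)."""
    return hmac.new(SECRET, challenge.to_bytes(4, "big"), hashlib.sha256).digest()

def hash_answers(responses) -> bytes:
    """Secure hash of the answers, in order, as in the quoted proposal."""
    h = hashlib.sha256()
    for r in responses:
        h.update(r)
    return h.digest()

def sessions_until_dictionary_known(n_stored: int, k_per_session: int, seed: int = 1):
    """Reuse scheme: each verification draws k of the n stored challenges.
    Returns (sessions, what the reader recorded, challenger's stored table)."""
    rng = random.Random(seed)
    stored = {c: token_response(c) for c in range(n_stored)}
    seen = {}       # reader's notes: challenge -> raw response
    sessions = 0
    while len(seen) < n_stored:
        picked = rng.sample(range(n_stored), k_per_session)
        raw = [token_response(c) for c in picked]   # measured before hashing
        seen.update(zip(picked, raw))               # hashing hides nothing from the reader
        sessions += 1
    return sessions, seen, stored

def reader_can_answer(seen, expected, challenges) -> bool:
    """Can the reader produce the right hash with no token present?"""
    if not all(c in seen for c in challenges):
        return False                                # a never-issued challenge stops it
    mine = hash_answers(seen[c] for c in challenges)
    return mine == hash_answers(expected[c] for c in challenges)

if __name__ == "__main__":
    sessions, seen, stored = sessions_until_dictionary_known(16, 4)
    print("sessions until all 16 stored pairs were observed:", sessions)
    print("reused challenges answerable without token:",
          reader_can_answer(seen, stored, [3, 1, 2]))
    fresh = {99: token_response(99)}                # pair never sent to any reader
    print("fresh challenge answerable without token:",
          reader_can_answer(seen, fresh, [99]))
```
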
