hi!

as i found out lately, triplesec is in a state of flux, and elecharny mentioned on irc that it would be a good time to raise some issues. i'd like not to step on somebody's toes, so please forgive some uncertain language constructs, as english is only a second language to me. my particular area of interest in triplesec is the hauskey midlet.

* the current midlet uses a plain numeric-only pin to decrypt the seed storage, and since most pins tend to be 4-6 digits, a possible attacker is able to precompute all possible keys for all seeds ever issued in this fashion in under one minute.
* the use of the pin string as the key byte array is an unfortunate decision, since it increases the chances of actually using weak and semi-weak des keys, which are prone to cryptographic shortcut attacks.
* the use of the des cipher is an unfortunate decision, since it can be brute-forced with under USD 10,000 of hardware in under 10 days.
* des has a nominal strength of 56 bits (nowadays weak), whereas the usage of a four-digit pin reduces this to 13 bits!

proposed solution:

* use a randomly keyed rsa/elgamal cipher (>=2048 bits) for the seed.
* use the pin combined with an iv to keywrap the random key (aes/3des).
* make the pin alphanumeric with 4-12 chars.

this would mean that the seed itself can only be brute-forced, and only with "large prime factorization" :-) as long as a good keywrap with iv is used, the only attack would be brute-forcing the 256-768 bit key/iv space :-) precomputation would only be possible if the large storage requirements could be met, and then only for a single known issued token seed, making it equal to brute force :-)

cheers,
fredo

-- 
Ever heard that not every linux user is automatically a programmer who programs, installs, patches, hacks or ports everything he needs himself? Urks? That's just a legend.....
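The following is an added example, not code from the post or from Triplesec's Hauskey midlet, showing the two points fredo raises in working Go: first, how small the effective key space of a PIN-as-key scheme is (a 4-digit numeric PIN is about 13 bits, regardless of the cipher behind it), and second, the "random key, PIN only wraps it" layout he proposes. The example departs from the post in two labelled ways: it keeps the seed under a random AES-256-GCM data key rather than the RSA/ElGamal key he suggests, and it realises "pin combined with an iv" as PBKDF2-HMAC-SHA256 with a fresh random salt per record, which is what defeats a precomputed table covering every issued seed. All names (`SeedRecord`, `Enroll`, `Unlock`, `DeriveWrapKey`, `kdfIterations`) and the sample seed are constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

// kdfIterations is an assumed PIN-stretching work factor, not a value from the post.
const kdfIterations = 100000

// PinSpaceBits returns the effective key strength, in bits, of a PIN drawn
// uniformly from alphabetSize symbols with a length between minLen and maxLen.
// A 4-digit numeric PIN gives log2(10^4) ~= 13.3 bits, whatever cipher it keys.
func PinSpaceBits(alphabetSize, minLen, maxLen int) float64 {
	total := 0.0
	for n := minLen; n <= maxLen; n++ {
		total += math.Pow(float64(alphabetSize), float64(n))
	}
	return math.Log2(total)
}

// pbkdf2SHA256 is a plain RFC 8018 PBKDF2 using HMAC-SHA256 as the PRF.
func pbkdf2SHA256(password, salt []byte, iter, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	out := make([]byte, 0, keyLen+prf.Size())
	index := make([]byte, 4)
	for block := 1; len(out) < keyLen; block++ {
		binary.BigEndian.PutUint32(index, uint32(block))
		prf.Reset()
		prf.Write(salt)
		prf.Write(index)
		u := prf.Sum(nil)          // U_1 = PRF(P, S || INT(i))
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ { // T_i = U_1 xor U_2 xor ... xor U_c
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// DeriveWrapKey turns the PIN plus a per-record salt into a 256-bit wrapping key.
// Because the salt differs per record, one PIN table cannot cover all issued seeds.
func DeriveWrapKey(pin string, salt []byte) []byte {
	return pbkdf2SHA256([]byte(pin), salt, kdfIterations, 32)
}

// SeedRecord is what the midlet would store instead of DES(pin, seed).
type SeedRecord struct {
	Salt       []byte // fresh random salt for this record
	WrappedKey []byte // nonce || AES-256-GCM(wrapKey, dataKey)
	EncSeed    []byte // nonce || AES-256-GCM(dataKey, seed)
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no usable fallback if the CSPRNG fails
	}
	return b
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// gcmSeal returns nonce || ciphertext || tag under a fresh random nonce.
func gcmSeal(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := randomBytes(aead.NonceSize())
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// gcmOpen reverses gcmSeal; a wrong key fails the authentication tag.
func gcmOpen(key, blob []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil || len(blob) < aead.NonceSize() {
		return nil, errors.New("bad key or truncated record")
	}
	n := aead.NonceSize()
	return aead.Open(nil, blob[:n], blob[n:], nil)
}

// Enroll protects a seed with a random data key; the PIN only unlocks that key.
func Enroll(pin string, seed []byte) (*SeedRecord, error) {
	salt, dataKey := randomBytes(16), randomBytes(32)
	wrapped, err := gcmSeal(DeriveWrapKey(pin, salt), dataKey)
	if err != nil {
		return nil, err
	}
	encSeed, err := gcmSeal(dataKey, seed)
	if err != nil {
		return nil, err
	}
	return &SeedRecord{Salt: salt, WrappedKey: wrapped, EncSeed: encSeed}, nil
}

// Unlock recovers the seed; a wrong PIN is rejected at the wrapped-key tag check.
func Unlock(pin string, rec *SeedRecord) ([]byte, error) {
	dataKey, err := gcmOpen(DeriveWrapKey(pin, rec.Salt), rec.WrappedKey)
	if err != nil {
		return nil, errors.New("wrong PIN or corrupted record")
	}
	return gcmOpen(dataKey, rec.EncSeed)
}

func main() {
	fmt.Printf("4-digit numeric PIN: %.1f bits; 4-12 char alphanumeric: %.1f bits\n",
		PinSpaceBits(10, 4, 4), PinSpaceBits(62, 4, 12))
	seed := []byte("constructed 20-byte OTP seed") // sample input, not a real token seed
	rec, err := Enroll("1234", seed)
	if err != nil {
		panic(err)
	}
	got, err := Unlock("1234", rec)
	fmt.Println("round trip ok:", err == nil && bytes.Equal(got, seed))
	_, err = Unlock("4321", rec)
	fmt.Println("wrong PIN rejected:", err != nil)
}
```

Two design points are worth spelling out. The PIN still has only ~13 bits of entropy in the numeric case, so an attacker holding one record can still try every PIN against it; what the salt and the stretching buy is that each record costs that work separately, with no table shared across tokens, and the alphanumeric 4-12 character range pushes the search above 70 bits. The GCM tag on the wrapped key also gives the midlet a clean "wrong PIN" signal without ever decrypting the seed under a guessed key.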
