Guess already answered.
Best luck,
T.
Peter Williams wrote:
----- Original Message -----
From: "Tommaso Cucinotta" <[EMAIL PROTECTED]>
To: "MUSCLE" <[email protected]>
Sent: Tuesday, March 15, 2005 4:28 PM
Subject: Re: [Muscle] muscle getChallenge, versus GP 2 way authentication
Are you claiming the Applet code has a bug/misbehaviour in case (b) ?
I was definitely wrong in one regard: the DES_CBC_NOPAD case DOES
perform a login - with the key/principal used to authenticate the
exchange. The multi page switch, and the nesting of the switches, and
the broken indents made me believe that the final login was case
dependent. It's not; login works for both cases, assuming either scheme
case creates a positive result. (My cpp make(1) options never bothered to
populate DES options in the build, till just recently; only now are the
DES cases more interesting than the RSA cases.)
This pattern makes a lot more sense, now. Thanks! It's precisely in
accord with your description.
The only outstanding query I now have concerns the intended application
of the result bytes sent in the DES_CBC_NOPAD case. There is a
sendData(), prior to the login step for the key/principal.
host->card: importDES key|k (during manufacturing, or similar procedural security)
card->host: card challenge
host->card: enc|k(challenge)
card->host: dec|k( enc|k(challenge) )
Should the host do anything, post step 3's result indication? Is the
value security relevant, or critical?
Peter.
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
--
,----------------------------------------------------.
| Tommaso Cucinotta PhD <t.cucinotta *at* sssup.it> |
>----------------------------------------------------<
! Scuola Superiore di Studi Universitari !
! e Perfezionamento S.Anna !
! Pisa Italy !
`----------------------------------------------------'