Re: CDR: Re: Palm Pilot Handshake
In article 003301c2c7c2$c734bbe0$0301000a@thishost, Steve Mynott [EMAIL PROTECTED] wrote:

> The Palms do have fairly slow processors so checking keys may take a while and generating them probably quite a long time.

For perspective, however, current-model Palms have 33 MHz Motorola 68k processors, which used to be considered a nice desktop CPU. In 1991, when PGP was first released, the Mac Classic II had a 16 MHz 68030 and 2 MB of RAM. If that was enough for PGP, then a Palm m500 ought to be capable of it also.

Granted, you will want to use longer keys now. But the hardware in your pocket can do more crypto than you might think. And they're only getting faster.

--
Shields.

Re: Palm Pilot Handshake
On Tue, 28 Jan 2003, Tyler Durden wrote:

> Yo! Anyone out there in codeville know if the following is possible?

Yes, but there are caveats.

> What I mean is, Let's say some disgruntled and generic crypto-kook (let's call him, say,...'Tyler Durden') has been signing his (tiring) cyber-missives with a public key. And now let's say there's some guy at a party claiming to be that very same Tyler Durden, but you're not so sure (this real-life Tyler Durden is WAY too much of an obvious chick-magnet to be the same guy that posts on the Internet). BUT, you happen to have your Palm Pilot(TM), and so does he. So you both engage the little hand-shaking app on your PP (using Tyler Durden's public key) and there's verification. Yep. Same dude.

No, not 'same dude'. Same key. -BIG- difference.

> And for extra credit, when might the chipsets be available for incorporating this functionality into, say, a wristwatch so that the protocol runs automatically (giving you a beep, for instance, only if there's a mismatch)? (This I'm sure the feds must already have.)

FPGA, then of course if you're building digital watches you're going to use a proprietary chip and such.

--
We are all interested in the future for that is where you and I are going to spend the rest of our lives.

Criswell, Plan 9 from Outer Space

[EMAIL PROTECTED] [EMAIL PROTECTED]
www.ssz.com www.open-forge.org

Re: Palm Pilot Handshake
On Tue, 28 Jan 2003, Tyler Durden wrote:

> Yo! Anyone out there in codeville know if the following is possible? I'd like to be able to digitally shake hands using a Palm Pilot. Is this possible?

Yes.

> And now let's say there's some guy at a party claiming to be that very same Tyler Durden, but you're not so sure (this real-life Tyler Durden is WAY too much of an obvious chick-magnet to be the same guy that posts on the Internet). BUT, you happen to have your Palm Pilot(TM), and so does he. So you both engage the little hand-shaking app on your PP (using Tyler Durden's public key) and there's verification. Yep. Same dude. (You then proceed to prostrate yourself before this obvious godlet, stating I'm not worthy, Sire.)

Or punch him in the nose :-)

> Is this possible within the memory constraints of a Palm device? What about with a booster pack of memory? If not, is some sort of Public Key Masking possible so that a 'less secure' handshake is possible using a subset of the public key?

It's there. And you have lots of choices of algorithms too. Maybe too many choices...

> And for extra credit, when might the chipsets be available for incorporating this functionality into, say, a wristwatch so that the protocol runs automatically (giving you a beep, for instance, only if there's a mismatch)? (This I'm sure the feds must already have.)

It's there. Check out smart cards. One chip does the job quite nicely. Way too many choices there too. Do a web search for secure cryptographic hardware. Have lots of time to read :-)

Patience, persistence, truth,
Dr. mike

Re: Palm Pilot Handshake
--
On 28 Jan 2003 at 20:54, Tyler Durden wrote:

> Yo! Anyone out there in codeville know if the following is possible? I'd like to be able to digitally shake hands using a Palm Pilot. Is this possible? What I mean is, Let's say some disgruntled and generic crypto-kook (let's call him, say,...'Tyler Durden') has been signing his (tiring) cyber-missives with a public key. And now let's say there's some guy at a party claiming to be that very same Tyler Durden, but you're not so sure (this real-life Tyler Durden is WAY too much of an obvious chick-magnet to be the same guy that posts on the Internet). BUT, you happen to have your Palm Pilot(TM), and so does he. So you both engage the little hand-shaking app on your PP (using Tyler Durden's public key) and there's verification. Yep. Same dude. (You then proceed to prostrate yourself before this obvious godlet, stating I'm not worthy, Sire.)

This can be done without a palm pilot. Normally the flesh and blood Tyler Durden would reveal knowledge of information sent encrypted to the net Tyler Durden, or vice versa.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
+OfNblhcCuKIKF5MFg7gpgfNLhp99TtnhvtpjA6D
4yJKSl2sqFg6P1vGn5ClsKRon31LJE1uCGdVuiQEE

Re: Palm Pilot Handshake
From: Tyler Durden [EMAIL PROTECTED]

> I'd like to be able to digitally shake hands using a Palm Pilot. Is this possible?

I think you mean public key based authentication.

> Is this possible within the memory constraints of a Palm device? What about with a booster pack of memory? If not, is some sort of Public Key Masking possible so that a 'less secure' handshake is possible using a subset of the public key?

I doubt memory is likely to be an issue with this since decade old DOS handhelds ran PGP 2.x fine and if you google for palm pilot crypto you will find 2000 vintage ports of OpenPGP and OpenSSL.

The Palms do have fairly slow processors so checking keys may take a while and generating them probably quite a long time. More modern PDAs such as the Zaurus or iPaq have processors which are an order of magnitude faster and run linux so PGP (or GPG or whatever) should work. Also the new generation of mobiles which run Java are probably the future once the standards settle down and the phones become more reliable.

I can see little point in trying to use shorter keys which would be a very broken solution to a probably non-existent problem. People should be using longer keys rather than shorter ones, since most of the news about short key lengths isn't good (google DJB RSA).

> And for extra credit, when might the chipsets be available for incorporating this functionality into, say, a wristwatch so that the protocol runs automatically (giving you a beep, for instance, only if there's a mismatch)?

It's more a software issue than a hardware issue. It's not much of a software problem since RSA can be written in a few lines of code. If you have a high level language running on (or compiler) for the hardware then you can easily port open source crypto. This is probably a safer solution from a security aspect than relying on potentially backdoored or legally restricted chipsets.

Suitable hardware has been available for 10 years or longer with a lot of publicity for the Java ring and iButtons about 5 years back.

> (This I'm sure the feds must already have.)

It's possible the US Govt. uses iButtons but I would very much doubt it's used much in production. State agencies tend to be *very* conservative with authentication and rely on physical identity cards, individually issued (and revocable) PIN numbers and the like. They are run by grey men rather than techno-fetishist computer geeks.

--
1024/D9C69DF9 Steve Mynott [EMAIL PROTECTED]

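Added example (not part of any post in this thread): the handshake discussed above as a challenge-response, where the verifier sends a fresh nonce and the prover signs it with the private key behind the public key seen on the list. It uses textbook RSA with a constructed toy key built from Mersenne primes and no padding; all function names and the context tag are assumptions made for illustration. A pass shows possession of the key, not the identity of the person holding it.

```python
# Added illustration: challenge-response "handshake" with textbook RSA.
import hashlib
import secrets

# Constructed demo key from two known Mersenne primes: far too small and
# too structured for real use, and there is no padding (textbook RSA).
P, Q, E = 2**89 - 1, 2**127 - 1, 65537

def make_key(p, q, e=E):
    """Return (public, private) as ((n, e), (n, d))."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, e), (n, d)

def digest(nonce, n):
    """Hash the nonce under a fixed context tag and map it into [0, n)."""
    h = hashlib.sha256(b"party-handshake-v1|" + nonce).digest()
    return int.from_bytes(h, "big") % n

def new_challenge():
    """Verifier: fresh random nonce per handshake, so old answers cannot be replayed."""
    return secrets.token_bytes(16)

def respond(private, nonce):
    """Prover: sign the verifier's nonce with the private key."""
    n, d = private
    return pow(digest(nonce, n), d, n)

def verify(public, nonce, response):
    """Verifier: check the response against the public key seen on the list."""
    n, e = public
    return pow(response, e, n) == digest(nonce, n)

def demo():
    """Handshake with the genuine key holder, an impostor, and a replayed answer."""
    list_pub, list_priv = make_key(P, Q)             # key that signed the list posts
    _, other_priv = make_key(2**61 - 1, 2**107 - 1)  # impostor's unrelated key
    nonce = new_challenge()
    genuine = verify(list_pub, nonce, respond(list_priv, nonce))
    impostor = verify(list_pub, nonce, respond(other_priv, nonce))
    replay = verify(list_pub, new_challenge(), respond(list_priv, nonce))
    return genuine, impostor, replay

if __name__ == "__main__":
    print(demo())
```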