Re: ArcotSign (was Re: Does security depend on hardware?)


David Jablon (dpj@world.std.com)
Tue, 22 Sep 1998 23:52:14 -0400


Bruce Schneier wrote:
>> The advantages are that offline password guessing is impossible.

At 03:24 PM 9/22/98 +0100, Ben Laurie wrote:
> The 'I' word always makes me nervous - do you really mean that, or do
> you just mean "very difficult"?

Why be nervous? It's not that hard to prevent off-line
guessing of the PIN, given access to just the client's stored
data. Here "impossible" means "as hard as breaking your
favorite PK method".

Here are three ways of authenticating based on PIN + stored key
where the stored client data alone doesn't permit offline PIN
guessing. These methods are arguably better than using a
simplistic PIN-encrypted private key, if you're concerned
about the client spilling its data.

(1) Send the PIN separately, encrypted by the server's public key.
        Don't encrypt the private key with the PIN. Make the server
        verify both PIN and private key to permit a transaction.

(2) Use the PIN + stored data to derive the private key,
        in a way such that any PIN will also generate a valid
        private key.

(3) Verify the PIN (or PIN-derived key) using
        password-authenticated key exchange.

Each of these approaches has other benefits and limitations.
From the posted description, it sounds like Arcot is using (2),
where the PIN-encrypted data contains no verifiable plaintext.

-------------------------
David P. Jablon
dpj@world.std.com
<http://world.std.com/~dpj/>
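
The difference between a simplistic PIN-encrypted key and approach (2) in the message above, as an added example that is not part of the original post and is not Arcot's code. The modulus `Q`, the salt, the key, the PIN and all function names are constructed for illustration, and the attacker is assumed to hold only the stored client data, as the post states.

```python
import hashlib

Q = 2**255 - 19            # constructed: a prime standing in for a group order
SALT = b"constructed-salt"
PINS = [f"{n:04d}" for n in range(10000)]

def stream(pin, n):
    # PIN-derived bytes; iteration count kept tiny so the demo runs quickly
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), SALT, 10, dklen=n)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

# Simplistic scheme: key plus checksum (verifiable plaintext) under the PIN.
def naive_store(key, pin):
    raw = key.to_bytes(32, "big")
    return xor(raw + hashlib.sha256(raw).digest()[:8], stream(pin, 40))

def naive_open(blob, pin):
    plain = xor(blob, stream(pin, 40))
    raw, tag = plain[:32], plain[32:]
    ok = hashlib.sha256(raw).digest()[:8] == tag
    return int.from_bytes(raw, "big") if ok else None

# Approach (2): every PIN maps the stored value to some in-range private key.
def mask(pin):
    return int.from_bytes(stream(pin, 40), "big") % Q

def camo_store(key, pin):
    return (key - mask(pin)) % Q

def camo_open(stored, pin):
    return (stored + mask(pin)) % Q

def surviving_pins(open_fn, stored):
    # PINs that a check on the stored data alone cannot rule out
    return [p for p in PINS
            if (k := open_fn(stored, p)) is not None and 0 < k < Q]

KEY = int.from_bytes(hashlib.sha256(b"constructed private key").digest(), "big") % Q
PIN = "4821"               # constructed sample PIN

if __name__ == "__main__":
    print(len(surviving_pins(naive_open, naive_store(KEY, PIN))))  # one PIN left
    print(len(surviving_pins(camo_open, camo_store(KEY, PIN))))    # all PINs left
```

With the checksum present, the stored blob alone singles out the PIN; with approach (2), every candidate PIN yields a well-formed key, so a guess can only be confirmed by something outside the stored data.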



The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:14:00