By the way, are there non-PK-based authentication methods that do not
transmit a secret in cleartext, but at the same time allow to keep the
secrets protected by one-way encryption (a' la crypt())? Hash-based
challenge-response protocols (like CHAP or APOP) all share the serious
Achilles' heel of a vulnerable cleartext password database.
Enzo
----- Original Message -----
From: Bill Stewart <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, January 20, 2000 4:37
Subject: Re: small authenticator
> You don't have enough room for RSA keys.
> I'd be surprised if you could fit elliptic-curve math into
> something that small, though there's enough room to store keys.
> Maybe the Certicom folks know more about it.
>
> For some kinds of authentication, a MAC is fine -
> you've got a server somewhere that knows your key,
> and the chip and the server both calculate Hash(Key,Challenge).
> Or you use a symmetric-key algorithm and calculate E(K,C).
> Both are relatively hard to crack, if your keys are long enough,
> but you need to have an environment where that's a useful
> mode of operations.
>
>
> At 12:10 PM 01/19/2000 -0700, [EMAIL PROTECTED] wrote:
> >Several people have suggested using a MAC; my problem is that the
> >opponent can reverse-engineer the chip and find the key. I was hoping
> >to give the chips a public key and have it encrypt a challenge that I'll
> >respond to. On my side, I'd need to prevent chosen-cipehrtext attacks.
> >--
> >Mike Stay
> >Programmer / Crypto guy
> >AccessData Corp.
> >mailto:[EMAIL PROTECTED]
> >
> >
> >
> Thanks!
> Bill
> Bill Stewart, [EMAIL PROTECTED]
> PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
>
