Re: ASK ToolKit Clarifications
At 09:27 AM 8/29/97 -0400, Myron Lewis wrote:
>I know that the claims we make for the ASK ToolKit(TM) sound
>a little too good to be true.
...
>The ASK ToolKit does not do encryption.
>It only provides keys on demand for encryption.
And his web page says
>you will be able to offer your customers the most secure applications
>available.
>And they won't have to endure the pain of dealing with,
>or spending the money for, key management systems.
The toolkit is fairly straightforward, if the descriptions are accurate.
Alice exchanges a secret with Bob somehow, and keeps track of
which secret goes with which recipient, i.e. does the key management -
either inside the toolkit, making the toolkit somewhat useful,
or outside the toolkit, making the toolkit annoying to use.
At that point, Alice and Bob both have Secret(Alice,Bob),
and a counter N of the number of session keys they've generated.
When Alice wants to send Message to Bob, she uses the toolkit to calculate
(SessionKey(N), Stuff2) = f(N, Secret(Alice,Bob),Alice,Bob,Stuff1)
and sends Bob (N,Stuff1,Stuff2,Alice,Bob) and E(Message,SessionKey(N)).
Having not licensed a copy of the toolkit, I don't know whether
Stuff1 and Stuff2 are transmitted, non-transmitted, or empty sets,
or whether the function f maintains state other than N (if it does,
then Stuff1 and Stuff2 are the state variables, with Stuff1(N+1)==Stuff2(N).)
Some popular variants on this are
f() = Hash(Secret,N)
(tends to leak)
f() = Hash(N,Secret,N) or Hash(N,Hash(Secret,N)) or Hash(Secret,N,Secret)
f() = Hash(SessionKey(N-1)) == Hash**N(Secret)
(terrible - leaks badly.)
f() = (Hash2(salt,Hash**N(Secret)), salt)
(much stronger if Hash2 is good.)
Then there's S/Key: f() = Hash**(M-N)(Secret) where M is a big number,
typically 100.
This works well for passwords, since you can easily verify that
Hash**N(f()) = Secret,
though it's dangerous for encryption passwords, since cracking one message
key cracks all the previous messages.
# Thanks; Bill
# Bill Stewart, +1-415-442-2215 [email protected]
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
# (If this is a mailing list or news, please Cc: me on replies. Thanks.)
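Added example, not part of Bill Stewart's message or of the ASK ToolKit: the hash-chain variants he lists, with the leakage he describes made concrete. "Hash" is assumed to be SHA-256 and "Hash2" HMAC-SHA256; the shared secret, salt and counters are constructed values. The S/Key check is written in the usual operational form (hash the presented key once and compare against the last accepted value), which is the same forward-hashing check as in the message.

```python
"""Hash-chain session-key variants and their leakage (added example).

Assumptions (not from the original message): Hash = SHA-256, Hash2 = HMAC-SHA256,
M = 100 for the S/Key chain, and all secrets/salts below are constructed.
"""
import hashlib
import hmac

M = 100  # S/Key chain length ("typically 100" in the message)


def H(data: bytes) -> bytes:
    """The generic Hash of the message, instantiated as SHA-256 (assumption)."""
    return hashlib.sha256(data).digest()


def hash_n(x: bytes, n: int) -> bytes:
    """Hash**n(x): apply H n times (n == 0 returns x unchanged)."""
    for _ in range(n):
        x = H(x)
    return x


# Variant: f() = Hash(SessionKey(N-1)) == Hash**N(Secret)   ("terrible - leaks badly")
def forward_chain_key(secret: bytes, n: int) -> bytes:
    return hash_n(secret, n)


# Variant: f() = (Hash2(salt, Hash**N(Secret)), salt)   ("much stronger if Hash2 is good")
# The chain value itself never leaves the box; only an HMAC of it becomes the key.
def salted_chain_key(secret: bytes, n: int, salt: bytes) -> bytes:
    return hmac.new(salt, hash_n(secret, n), hashlib.sha256).digest()


# S/Key: f() = Hash**(M-N)(Secret)   (the chain is walked backwards)
def skey_key(secret: bytes, n: int, m: int = M) -> bytes:
    if not 0 <= n <= m:
        raise ValueError("counter out of range for this chain")
    return hash_n(secret, m - n)


def skey_verify(last_accepted: bytes, candidate: bytes) -> bool:
    """Verifier keeps key N-1 and checks H(candidate) == key N-1.

    Because key(N-1) = Hash**(M-N+1)(Secret) = H(Hash**(M-N)(Secret)) = H(key(N)),
    one forward hash suffices; the verifier never needs Secret.
    """
    return hmac.compare_digest(H(candidate), last_accepted)


# --- what an attacker who recovers one session key can do ---

def forward_chain_leak(key_n: bytes, steps: int) -> bytes:
    """Plain chain: from SessionKey(N) the attacker gets every *later* key."""
    return hash_n(key_n, steps)


def skey_leak(key_n: bytes, steps: int) -> bytes:
    """S/Key as encryption key: from key N the attacker gets every *earlier* key,
    so one cracked message opens all previous messages."""
    return hash_n(key_n, steps)


def demo() -> dict:
    """Constructed walkthrough; returns the facts a reader would check by hand."""
    secret = b"constructed-shared-secret-Alice-Bob"   # Secret(Alice,Bob), constructed
    salt = b"constructed-per-pair-salt"               # constructed
    return {
        # forward chain: key 5 in hand -> key 8 is three hashes away
        "forward_chain_leaks_future":
            forward_chain_leak(forward_chain_key(secret, 5), 3) == forward_chain_key(secret, 8),
        # S/Key: key 7 in hand -> key 5 (two messages back) is two hashes away
        "skey_leaks_past":
            skey_leak(skey_key(secret, 7), 2) == skey_key(secret, 5),
        # S/Key: hashing key 7 does not yield key 8 (that needs a preimage)
        "skey_hides_future":
            hash_n(skey_key(secret, 7), 1) != skey_key(secret, 8),
        # salted chain: hashing a key yields neither the next key nor the chain value
        "salted_hides_future":
            H(salted_chain_key(secret, 5, salt)) != salted_chain_key(secret, 6, salt),
        # the verifier check works with only the previously accepted value
        "skey_verify_ok": skey_verify(skey_key(secret, 4), skey_key(secret, 5)),
        "skey_verify_rejects_replay": not skey_verify(skey_key(secret, 5), skey_key(secret, 5)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The two leak functions are the same three lines of code; what differs is the direction the chain is walked, which is exactly why the forward chain leaks future keys and S/Key leaks past ones. The salted variant breaks both walks because the transmitted key is an HMAC output, not a chain element.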