
Re: Question: Key Distr. in realtime applications?



Kent writes:

| One-time key, how to distribute to both participants: don't.  Let each
| pick a random key and send it to the other using the other's public
| key--no need to use the same key in both directions, in fact seems a
| bad idea.

	Sending your otp by RSA reduces the security of your OTP to
that of RSA, since if your RSA key can be broken, the otp can be
obtained.  Since the problem is barely more difficult than factoring
your RSA key (or cracking the one time idea password in use), there is
no security gain to the otp.

	otp's require that they be securely distributed.  Usually,
this means a courier with a briefcase full of cd-roms handcuffed to
his wrist, or some other similarly paranoid means.


Adam

-- 
Adam Shostack 				       [email protected]

Politics.  From the greek "poly," meaning many, and ticks, a small,
annoying bloodsucker.