1993-04-13 - Re: Security Dynamics

Header Data

From: karn@qualcomm.com (Phil Karn)
To: cypherpunks@toad.com
Message Hash: b62e8d956b872312831653432fcaf739d55154f6d8a5598a9bbb466ba4a9f3b0
Message ID: <9304130815.AA00379@servo>
Reply To: N/A
UTC Datetime: 1993-04-13 08:15:15 UTC
Raw Date: Tue, 13 Apr 93 01:15:15 PDT

Raw message

From: karn@qualcomm.com (Phil Karn)
Date: Tue, 13 Apr 93 01:15:15 PDT
To: cypherpunks@toad.com
Subject: Re: Security Dynamics
Message-ID: <9304130815.AA00379@servo>
MIME-Version: 1.0
Content-Type: text/plain


Several years ago, before leaving Bellcore, I got so annoyed at the
SecurID cards and how they were being foisted on us by a paranoid
security organization that I built an alternative one-time password
system of my own. It's now called "S/KEY" (no, I didn't pick the name).

Essentially, I reinvented a scheme of Leslie Lamport involving iterated
one way functions. Each time you log in, you crunch your password
N-1 times through a one-way function like MD4 or MD5, where N is the
number of times you did it last time. The host crunches it once more
(to make its password file somewhat less sensitive) and compares it to
the stored password. If it matches, the file is updated and you get in.

A passive eavesdropper cannot generate the next password in the
sequence from the current one because that would require inverting the
one-way function.

The nice thing about this scheme is that it provides essentially the
same service as SecurID (protection against passive eavesdropping of
user passwords) without having to pay exhorbitant prices for cards and
integrating some really clunky hardware into your host. You have the
option of building the algorithm into your own comm programs, or even
the ultra-low-tech option of printing out a list in advance and
putting it in your wallet. (Use rice paper if you fear capture - you
can eat it!  :-))

The bad thing about this scheme is that it provides no more protection
than SecurID -- it doesn't stop someone from hijacking your session
after you've authenticated it, nor does it protect the session itself
against eavesdropping.  And frankly, at the time I was more concerned
about the security droids reading my email off the Ethernet than I was
about some outside cracker guessing my password.

Phil





Thread