1998-09-21 - Re: ArcotSign (was Re: Does security depend on hardware?)

Header Data

From: Mok-Kong Shen <mok-kong.shen@stud.uni-muenchen.de>
To: Bruce Schneier <schneier@counterpane.com>
Message Hash: 47f9069fa4ef6097ccb54a9e7e8b97afd61ea1f8e51ed12ee7ad6c7c87e692e7
Message ID: <36079C71.1D2880EA@stud.uni-muenchen.de>
Reply To: <Pine.LNX.3.96.980921133001.20069A-100000@blackbox>
UTC Datetime: 1998-09-21 23:45:43 UTC
Raw Date: Tue, 22 Sep 1998 07:45:43 +0800

Raw message

From: Mok-Kong Shen <mok-kong.shen@stud.uni-muenchen.de>
Date: Tue, 22 Sep 1998 07:45:43 +0800
To: Bruce Schneier <schneier@counterpane.com>
Subject: Re: ArcotSign (was Re: Does security depend on hardware?)
In-Reply-To: <Pine.LNX.3.96.980921133001.20069A-100000@blackbox>
Message-ID: <36079C71.1D2880EA@stud.uni-muenchen.de>
MIME-Version: 1.0
Content-Type: text/plain



Bruce Schneier wrote:
> 
> At 02:28 PM 9/22/98 +0100, Mok-Kong Shen wrote:
> >Bruce Schneier wrote:
> >>
> >> At 02:20 PM 9/22/98 +0100, Mok-Kong Shen wrote:
> >
> >> >If the 'mathematical magic' is not to be kept secret (as in principle
> >> >shouldn't for all crypto algorithms) then presumably one could
> >> >attack through brute forcing the 'remembered secret', I guess.
> >>
> >> Yes, but only through an on-line protocol.   And if the server has some
> >> kind of "turn the user off after ten bad password guesses," then the
> >> attack doesn't work.
> >
> >I remember someone wrote of the case where the attacker got the
> >file with the millions of passwords. Then if he also knows the
> >'mathematical magic' he could presumably do offline work. So I
> >suppose that the 'mathematical magic' has to be kept secret, which
> >would work against the generally accepted crypto principles.
> 
> No.  The online protocol can be public.  Nothing has to be kept secret
> in order for this to work.  That would be stupid; we all know that.

I suppose you misunderstood me. I mean the 'mathematical magic'
cannot be made public. (Or is 'online protocol' = 'mathematical magic'?)
If the 'magic' is public then the attacker with the pool of passwords
could brute force offline.

M. K. Shen




