1998-09-21 - Re: ArcotSign (was Re: Does security depend on hardware?)

Header Data

From: Bruce Schneier <schneier@counterpane.com>
To: Mok-Kong Shen <mok-kong.shen@stud.uni-muenchen.de>
Message Hash: dce17c5207d43b0c46ea79b9100612c19c9af767b4fd834a091fb95dad06a826
Message ID: <199809221250.HAA03398@mixer.visi.com>
Reply To: <Pine.LNX.3.96.980921133001.20069A-100000@blackbox>
UTC Datetime: 1998-09-21 23:48:11 UTC
Raw Date: Tue, 22 Sep 1998 07:48:11 +0800

Raw message

From: Bruce Schneier <schneier@counterpane.com>
Date: Tue, 22 Sep 1998 07:48:11 +0800
To: Mok-Kong Shen <mok-kong.shen@stud.uni-muenchen.de>
Subject: Re: ArcotSign (was Re: Does security depend on hardware?)
In-Reply-To: <Pine.LNX.3.96.980921133001.20069A-100000@blackbox>
Message-ID: <199809221250.HAA03398@mixer.visi.com>
MIME-Version: 1.0
Content-Type: text/plain



At 02:47 PM 9/22/98 +0100, Mok-Kong Shen wrote:
>Bruce Schneier wrote:
>> 
>> At 02:28 PM 9/22/98 +0100, Mok-Kong Shen wrote:
>> >Bruce Schneier wrote:
>> >>
>> >> At 02:20 PM 9/22/98 +0100, Mok-Kong Shen wrote:
>> >
>> >> >If the 'mathematical magic' is not to be kept secret (as in principle
>> >> >shouldn't for all crypto algorithms) then presumably one could
>> >> >attack through brute forcing the 'remembered secret', I guess.
>> >>
>> >> Yes, but only through an on-line protocol.   And if the server has some
>> >> kind of "turn the user off after ten bad password guesses," then the
>> >> attack doesn't work.
>> >
>> >I remember someone wrote of the case where the attacker got the
>> >file with the millions of passwords. Then if he also knows the
>> >'mathematical magic' he could presumably do offline work. So I
>> >suppose that the 'mathematical magic' has to be kept secret, which
>> >would work against the generally accepted crypto principles.
>> 
>> No.  The online protocol can be public.  Nothing has to be kept secret
>> in order for this to work.  That would be stupid; we all know that.
>
>I suppose you misunderstood me. I mean the 'mathematical magic'
>cannot be made public. (Or is 'online protocol' = 'mathematical magic'?)
>If the 'magic' is public then the attacker with the pool of passwords
>could brute force offline.

No.  You misunderstood me.  There is NOTHING secret except the key.
The online protocol, mathematical magic, source code, algorithm details,
and everything else can be made public.  There are no secrets in the
system except for the keys.

Yes, it's not obvious how you do this.  That's why Arcot is turning this
into a product--it's a good idea.

Bruce
**********************************************************************
Bruce Schneier, President, Counterpane Systems     Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN  55419      Fax: 612-823-1590
           Free crypto newsletter.  See:  http://www.counterpane.com




