Re: What 'NSA'?
From: Anne & Lynn Wheeler (lynn_at_garlic.com)
Date: 12/04/03
Date: Thu, 04 Dec 2003 14:19:43 GMT
Mok-Kong Shen <mok-kong.shen@t-online.de> writes:
> 3DES was originally intended for protection of transfer
> of large volumes of money among banks themselves long
> ago and there was a standard document for such banking
> use of 3DES, if I don't err. It seems on the other hand
> not easy for outsiders to get details of how they actually
> protect that high-value transfer. But nowadays even the
> customer to bank link is protected by 3DES, at least
> for certain banks, see e.g.

an issue is security proportional to risk. the attack on DES isn't on
the algorithm but brute force against specific keys. 3DES extends the
size of the keys making brute force attack much more difficult.

atm machines, etc, have had derived key DES (DUKPT) for some time. a
des key is generated from the machine master key and some unique
characteristics of the transaction. brute force against any specific
transaction DUKPT key ... could eventually recover the contents of
what that transaction happened to be ... but will not recover any
additional information.

DUKPT is designed to be non-reversible analogous to SHA-1 and
misc. other hashes.

that doesn't mean that there aren't attacks on non-reversible techniques
... recent thread on one time password (OTP) attack:
http://www.garlic.com/~lynn/2003m.html#50 public key vs passwd authentication?
http://www.garlic.com/~lynn/2003n.html#0 public key vs passwd authentication?
http://www.garlic.com/~lynn/2003n.html#1 public key vs passwd authentication?
http://www.garlic.com/~lynn/2003n.html#2 public key vs passwd authentication?
http://www.garlic.com/~lynn/2003n.html#3 public key vs passwd authentication?
misc. standards on one time password ... select
http://www.garlic.com/~lynn/rfcietff.htm
and in "RFCs listed by" select "Term (term->RFC#)"
and in "Acronym Fastpath" select "OTP"
i.e.
one-time password (OTP)
see also password
2444 2289 2243 1938 1760
selecting any RFC number, brings up the RFC summary in the lower frame.
selecting the ".txt=" field retrieves the actual RFC.
-- 
Anne & Lynn Wheeler | lynn@garlic.com - http://www.garlic.com/~lynn/
Internet trivia, 20th anniv: http://www.garlic.com/~lynn/rfcietff.htm
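
A simplified hash-chain one-time password check in the style of the OTP RFCs listed above, as an added example that is not part of the original post. It is not wire-compatible with RFC 2289 (no 64-bit folding or word encoding); the function and class names and the sample pass phrase and seed are constructed for illustration.

```python
import hashlib
import hmac

def h(data: bytes) -> bytes:
    # One-way step. SHA-1 is used because the post names it.
    return hashlib.sha1(data).digest()

def chain(secret: bytes, seed: bytes, n: int) -> bytes:
    # OTP number n: hash seed||secret once, then n more times.
    value = h(seed + secret)
    for _ in range(n):
        value = h(value)
    return value

class OtpServer:
    # Holds only the last accepted OTP, never the user's secret.
    def __init__(self, enrolled: bytes, seq: int):
        self.stored = enrolled  # chain(secret, seed, seq), set at enrolment
        self.seq = seq

    def challenge(self) -> int:
        return self.seq - 1     # sequence number the client must answer

    def verify(self, otp: bytes) -> bool:
        if self.seq <= 0:       # chain used up: re-enrol with a new seed
            return False
        if not hmac.compare_digest(h(otp), self.stored):
            return False
        self.stored, self.seq = otp, self.seq - 1
        return True

def demo() -> dict:
    secret, seed = b"constructed pass phrase", b"ke1234"  # constructed values
    server = OtpServer(chain(secret, seed, 3), 3)
    otp2 = chain(secret, seed, server.challenge())
    out = {"first": server.verify(otp2)}
    out["replay"] = server.verify(otp2)
    # A captured OTP only hashes forward to values already used.
    out["forward_only"] = h(otp2) == chain(secret, seed, 3)
    out["wrong"] = server.verify(b"\x00" * 20)
    out["rest"] = [server.verify(chain(secret, seed, n)) for n in (1, 0)]
    out["exhausted"] = server.verify(chain(secret, seed, 0))
    return out

if __name__ == "__main__":
    print(demo())
```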