Re: Public-key CD-KEY protocol (comments welcomed)
From: Mark Borgerding (mark_at_borgerding.net)
Date: 02/01/04
- Next message: vedaal_at_hush.com: "Re: User interaction patterns as stego"
- Previous message: John E. Hadstate: "Re: Java Problem Encryption"
- Next in thread: Mark Borgerding: "Re: Public-key CD-KEY protocol (comments welcomed)"
- Maybe reply: Mark Borgerding: "Re: Public-key CD-KEY protocol (comments welcomed)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 01 Feb 2004 15:00:10 GMT
I'm not sure why your software requires the two stages (initial &
subsequent verification). If that is a requirement, I'd suggest viewing
them as two separate problems.
For the first stage:
As you noticed, PK offers zero advantage over symmetric crypto for the
first connection. The truncation makes verification impossible without
the private key.
Anything short of the full PK signature cannot be verified. You might
look into elliptic curve cryptography to get the key length down a bit.
Although even the shortest ecc curve suggested by the eccdsa is 163
bits. If you're encoding it base36 then you need 32 chars just for the
signature.
If you can't use the full signature, you could just truncate an HMAC
rather than jump through the PK hoops. It would be simpler and faster.
As for the second stage:
(do your users need to connect every time they use the SW?)
the complete signature you are sending back is just a token that can be
verified. It does not need to have any connection to the initial CD key.
If you went with an HMAC for stage 1, you could define the token as
the CDkey + PKsigned(CDkey).
- Mark Borgerding
Xavier wrote:
>
> - The five first characters of the CD-KEY are arbitrarily chosen to
> represent a unique ID.
>
> - This ID is signed by the private key (SHAH, then RSA). The signature
> is translated by table correspondance into an alphanumerical character
> chain.
>
> - This translated signature is shortened to the 20 first characters, and
> added to the unique ID to form the complete CD-KEY.
>
>
> To verify the CD-KEY:
>
> a) If this is the first connection :
>
> * The client sofware connects to a central secured server that has
> both the private and public RSA key.
>
> * The server signs the unique ID contained in the CD-KEY and compares
> the resulting signature to the second part of the CD-KEY.
>
> * If the two are identical, it sends the complete signature to the
> client, that records it.
>
> * The client goes to b).
>
> b) If this not the first connection, or if a) has been completed :
>
> * The client software connects to another server, that only has the
> public key available.
>
> * The server receives the complete signature (not just the CD-KEY)
> from the client and tries to decrypt it using the public key. If it
> succeeds, the login is allowed.
>
>
> The benefits of this protocol would be that :
>
> - The CD-KEY creation protocol uses well-known algorithms instead of
> home-made and easily crackable ones.
>
> - The private key only needs to be known by a single server with very
> low hardware requirements, as it is only accessed once for every client
> software installed. It can then be more secured and the effect of a DoS
> on it would have less impact, as only new users would be denied access.
>
> But I need feedback about this protocol, as the size limitation on the
> CD-KEY itself (which has to be entered manually by the user) does not
> allow to use an entire signature for the first authentification. I do
> not think this is very harmful (we will never have full security with
> only 25 alphanumerical characters), but I would appreciate points of
> view about this issue.
>
> Any comments welcomed !
>
- Next message: vedaal_at_hush.com: "Re: User interaction patterns as stego"
- Previous message: John E. Hadstate: "Re: Java Problem Encryption"
- Next in thread: Mark Borgerding: "Re: Public-key CD-KEY protocol (comments welcomed)"
- Maybe reply: Mark Borgerding: "Re: Public-key CD-KEY protocol (comments welcomed)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
