Re: bootstrapping a secure channel
From: Tom St Denis (tomstdenis_at_iahu.ca)
Date: 08/13/04
- Next message: Allen Pulsifer: "Re: Entropy and Equivalent Key Lengths?"
- Previous message: Allen Pulsifer: "Re: bootstrapping a secure channel"
- In reply to: Allen Pulsifer: "Re: bootstrapping a secure channel"
- Next in thread: Allen Pulsifer: "Re: bootstrapping a secure channel"
- Reply: Allen Pulsifer: "Re: bootstrapping a secure channel"
Date: Fri, 13 Aug 2004 15:08:02 GMT
Allen Pulsifer wrote:
> Tom St Denis wrote:
>>>If you use several methods of authentication "in parallel" rather than
>>>"in series", you would achieve a higher result. So for example, if
>>>method A verifies a party's public key with 98% probability, and method
>>>B verifies the key with 95% probability, using both (if they are
>>>independent) verifies the key with a 99.9% probability.
>>
>> I don't think A implies B though. So say A is RSA signature and B is ID
>> card.
>>
>> E.g. I steal his ID card and find a flaw in RSA. So I always pass B and
>> fail A 98% of the time. That's a 2% success not 0.1%
>>
>> The problem with your logic can be stated as "just because I have a valid
>> RSA credential doesn't mean my ID *must* be valid and vice versa".
>
> Hello Tom,
>
> No one said or implied that a valid RSA credential meant the ID card
> must be valid. The word "independent" specifically means the two things
> are not related, that one does not mean the other.
>
> What we are talking about here is using more than one method of
> authentication in order to have a higher level of assurance than just
> using one method alone.

Yes, but the world doesn't work like that.

Suppose you have two problems A and B. A takes 2^128 work and B takes 2^40
work to "break". Again, I spend 2^40 work [which depending on what "work"
is can be very quick] then now all I have to do is break A [or pass by it].

Again, with your early model after 2^40 work I now have a 2% not 0.1% chance
of forging your attributable trust.

> So for example, if you are trying to verify a cryptographic parameter
> like a public key, A might be something like checking the hash of the
> key, B might be something like checking the size, and C might be
> checking the first 20 bytes of the key itself. If you do A and B and C,
> then your level of authentication is greater than doing just one of them.

You can easily forge B and C. So really the difficulty is in A [forging the
hash]. Adding B and C doesn't make it "harder" in any meaningful sense.

<snip>

Tom
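
Added example, not part of the original thread: the hash / size / first-20-bytes checks discussed above, run against two unrelated key blobs of the same type. The blobs are constructed stand-ins (real DER framing for a 2048-bit RSA SubjectPublicKeyInfo, random bytes in place of a modulus), and the function names are hypothetical.

```python
import hashlib
import hmac
import os

# DER framing shared by every 2048-bit RSA SubjectPublicKeyInfo with e = 65537.
# The first 33 bytes are ASN.1 headers, so a 20-byte prefix holds no key material.
SPKI_HEADER = bytes.fromhex(
    "30820122300d06092a864886f70d01010105000382010f003082010a0282010100"
)
SPKI_TRAILER = bytes.fromhex("0203010001")  # INTEGER 65537


def constructed_key_blob() -> bytes:
    """Constructed sample: correct framing, random bytes standing in for the modulus."""
    modulus = bytearray(os.urandom(256))
    modulus[0] |= 0x80  # top bit set, as in a full-length 2048-bit modulus
    modulus[-1] |= 0x01  # odd, as any RSA modulus is
    return SPKI_HEADER + bytes(modulus) + SPKI_TRAILER


def make_reference(key: bytes) -> dict:
    """What the verifier stores about the key it trusts."""
    return {
        "sha256": hashlib.sha256(key).digest(),
        "size": len(key),
        "prefix": key[:20],
    }


def run_checks(candidate: bytes, ref: dict) -> dict:
    """Checks A, B and C from the thread, evaluated separately."""
    digest = hashlib.sha256(candidate).digest()
    return {
        "A_hash": hmac.compare_digest(digest, ref["sha256"]),
        "B_size": len(candidate) == ref["size"],
        "C_prefix": candidate[:20] == ref["prefix"],
    }


def accepts(candidate: bytes, ref: dict, required: list) -> bool:
    """True when every check named in `required` passes."""
    results = run_checks(candidate, ref)
    return all(results[name] for name in required)
```

Any other key of the same type and size passes B and C without effort, so the accept/reject decision rests on A alone.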