Re: Method of authentication
From: Tamir (viruses.live_at_gmail.com)
Date: 10/19/05
- Next message: Tamir: "Re: Method of authentication"
- Previous message: Joseph Ashwood: "Re: Method of authentication"
- In reply to: Kristian Gjøsteen: "Re: Method of authentication"
- Next in thread: Kristian Gjøsteen: "Re: Method of authentication"
- Reply: Kristian Gjøsteen: "Re: Method of authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 19 Oct 2005 05:26:11 -0700
> I'll try to ask a few questions for you to ponder, but the bottom
> line is: Don't design your own cryptoprimitives, except for fun.
What makes you think this isn't for fun? I just wanted to know where
the hole is.
> How do they use a sequence of random numbers to identify each other?
> Please, no handwaving, just describe precisely how you would go about
> doing it.
I don't know what handwaving is, but I'll answer the question. One
machine has an infra-red transmitter, the other a reciever. One sends
the random number, the other checks it against its own number.
> Is it low on "calculations"? How does it compare with say RC4?
Is this rhetorical? I'm not sure how RC4 works, but I think it's safe
to say that this algorithm is very easy for a computer, or a cheap
chip, to do.
> >So, is there an easy way to crack this that I'm overlooking?
>
> Yes. The least significant digits going into the permutation step
> are non-uniformly distributed. This most likely reveals the
> permutation, which then reveals the input value, and then you get
> the starting value.
Ok, my vocabulary needs work.
>>From what I understood, you're saying that some of the digits aren't so
random when they go into the array, and using this information, you can
find the array.
That's the weak point of the algorithm, but there are two things
preventing that:
1) Chopping off the first few digits. The more you chop off, the more
uniformly distributed the ones left are.
2) The step after the permutation - mixing the digits and putting them
back into the array. For example, if you have the numbers 12, 34, and
56, it will switch them into 41, 63, and 25. Then they get put into the
array again. If you do this enough times, retracing it becomes near
impossible.
> And by the way, if you want comments on an algorithm, you really
> need to be precise. No handwaving!
Again, I don't know what that means. If there's something unclear, just
tell me.
- Next message: Tamir: "Re: Method of authentication"
- Previous message: Joseph Ashwood: "Re: Method of authentication"
- In reply to: Kristian Gjøsteen: "Re: Method of authentication"
- Next in thread: Kristian Gjøsteen: "Re: Method of authentication"
- Reply: Kristian Gjøsteen: "Re: Method of authentication"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
