Re: public key password authentication



Mike Amling <nospam@xxxxxxxxxx> writes:
But if the client has information beyond the password that the
server does not have, for example, a private key protected by the
user's password, then an attacker (who may be the server admin) with
the corresponding public key but not the ciphertext containing the
private key will find dictionary attack infeasible (assuming
reasonable public/private key parameters). The authentication protocol
may then be, for example, a zero knowledge proof of possession of the
private key.

re:
http://www.garlic.com/~lynn/2007i.html#63 public key password authentication

there can be a separate kind of vulnerability against some
public/private key infrastructures ... the issue is some operations have
also looked at equating digital signatures (on documents and other
things) ... as equivalent to human signatures (i.e. intent, implying
having read, understood, approves, agrees, and/or authorizes) ...
something that digital signatures were never designed to do ... but
happens possibly because of semantic confusion generated because
"digital signatures" and "human signatures" both contain the word
"signature"

this can be a dual-use attack ... when somebody at a server site
... instead of random data to be digitally signed for authentication
(countermeasure to replay attacks) transmits some sort of valid
document. the exposure is, in part, because the majority of the
authentication protocols will automatically digitally sign the
transmitted "random data" w/o allowing the human to ever examine the
contents.

some past posts discussing dual-use attack against digital signature
infrastructures that attempt to extend it to be equivalent to
human signature ... something that it was never intended to do:
http://www.garlic.com/~lynn/aadsm17.htm#57 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm17.htm#59 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#1 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#2 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#3 dual-use digital signature vulnerability
http://www.garlic.com/~lynn/aadsm18.htm#56 two-factor authentication problems
http://www.garlic.com/~lynn/aadsm19.htm#41 massive data theft at MasterCard processor
http://www.garlic.com/~lynn/aadsm19.htm#43 massive data theft at MasterCard processor
http://www.garlic.com/~lynn/aadsm20.htm#0 the limits of crypto and authentication
http://www.garlic.com/~lynn/aadsm21.htm#5 Is there any future for smartcards?
http://www.garlic.com/~lynn/aadsm21.htm#13 Contactless payments and the security challenges
http://www.garlic.com/~lynn/aadsm23.htm#13 Court rules email addresses are not signatures, and signs death warrant for Digital Signatures
http://www.garlic.com/~lynn/aadsm26.htm#63 Public key encrypt-then-sign or sign-then-encrypt?
http://www.garlic.com/~lynn/2004i.html#17 New Method for Authenticated Public Key Exchange without Digital Certificates
http://www.garlic.com/~lynn/2004i.html#21 New Method for Authenticated Public Key Exchange without Digital Certificates
http://www.garlic.com/~lynn/2005.html#14 Using smart cards for signing and authorization in applets
http://www.garlic.com/~lynn/2005b.html#56 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005e.html#31 Public/Private key pair protection on Windows
http://www.garlic.com/~lynn/2005g.html#46 Maximum RAM and ROM for smartcards
http://www.garlic.com/~lynn/2005m.html#1 Creating certs for others (without their private keys)
http://www.garlic.com/~lynn/2005m.html#11 Question about authentication protocols
http://www.garlic.com/~lynn/2005o.html#3 The Chinese MD5 attack
http://www.garlic.com/~lynn/2005q.html#23 Logon with Digital Siganture (PKI/OCES - or what else they're called)
http://www.garlic.com/~lynn/2005s.html#52 TTP and KCM
http://www.garlic.com/~lynn/2005v.html#3 ABN Tape - Found
http://www.garlic.com/~lynn/2006d.html#32 When *not* to sign an e-mail message?
http://www.garlic.com/~lynn/2006s.html#34 Basic Question
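
The dual-use exposure described in the post above, as an added example that is not part of the original post: a client that signs the raw server challenge yields a signature that also verifies over a document, while a client that signs a context tag, its own nonce and a hash of the challenge does not. The toy RSA key, the `AUTH_TAG` label, the function names and the sample document are all assumptions constructed for this sketch, and the binding shown is one common mitigation, not something the post specifies.

```python
import hashlib
import secrets

# Toy RSA key from two Mersenne primes: constructed for this demo, NOT secure.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

AUTH_TAG = b"auth-challenge-v1\x00"  # hypothetical context label

def _h(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(data: bytes) -> int:
    return pow(_h(data), D, N)

def verify(data: bytes, sig: int) -> bool:
    return pow(sig, E, N) == _h(data)

def naive_auth_response(challenge: bytes) -> int:
    """Signs whatever bytes the server sent, never shown to the user."""
    return sign(challenge)

def bound_auth_response(challenge: bytes):
    """Signs tag || client nonce || H(challenge), never the raw challenge."""
    client_nonce = secrets.token_bytes(16)
    digest = hashlib.sha256(challenge).digest()
    return client_nonce, sign(AUTH_TAG + client_nonce + digest)

def verify_bound(challenge: bytes, client_nonce: bytes, sig: int) -> bool:
    digest = hashlib.sha256(challenge).digest()
    return verify(AUTH_TAG + client_nonce + digest, sig)

def document_verifier(document: bytes, sig: int) -> bool:
    """A relying party that treats any valid signature as approval."""
    return verify(document, sig)

def demo():
    # Constructed document that arrives in place of the random challenge.
    document = b"I agree to pay 1000 to the server operator"
    naive_sig = naive_auth_response(document)
    nonce, bound_sig = bound_auth_response(document)
    return (document_verifier(document, naive_sig),   # reusable as approval
            document_verifier(document, bound_sig),   # not reusable
            verify_bound(document, nonce, bound_sig)) # still authenticates
```
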