[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Safety of pre-shared keys? (Re: Reliable delete notifies)
Ari, does John Pliam's paper answer your question on "what would it take
to fool authentication based on pre-shared keys" ?
http://www.ima.umn.edu/~pliam/xauth/
-----Original Message-----
From: Ari Huttunen [mailto:Ari.Huttunen@F-Secure.com]
Sent: Saturday, October 21, 2000 5:02 PM
To: Henry Spencer
Cc: Jan Vilhuber; ipsec
Subject: Safety of pre-shared keys? (Re: Reliable delete notifies)
Henry Spencer wrote:
>
> On Mon, 9 Oct 2000, Jan Vilhuber wrote:
> > With pure public keys, you need TWO of them. Granted, I can
provision every
> > box with the same private key, which would make it equivalent to the
above
> > group-pre-shared key scenarion. But in reality you need two public
keys,
> > where before you had a single pre-shared key.
>
> Consider them two halves of the same shared secret. There's no
fundamental
> difference...
Incorrect. With a pre-shared key you have one key that is secret. With
public
keys, you have two keys, one of which is public, one is secret. I'm
quite
sure everyone on this list knows this much..
Now, if you have that public key, you CAN give it to some mechanical
calculator
for cracking. Eventually that machine will produce a result, and if it's
based
on quantum computing you might actually get a result before the Big
Crash (if any).
Out of curiosity, what would one need to fool authentication based on
pre-shared keys, assuming only knowledge of things-on-the-wire? Would
the
method learn the value of the pre-shared key or something else? (Would
it
be safe against quantum computers?)
Ari
--
Ari Huttunen phone: +358 9 859 900
Senior Software Engineer fax : +358 9 8599 0452
F-Secure Corporation http://www.F-Secure.com
F-Secure products: Integrated Solutions for Enterprise Security
Follow-Ups: