[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: pre-shared key v RSA encryption or RSA signatureauthentication modes
At 12:00 PM -0500 3/24/02, Andrew Krywaniuk wrote:
>Ask a politically incorrect question like that on a list like this and you
>are bound to get a lot of FUD-type replies. Of course PK crypto has the
>advantage of scalability, but that's not the question you asked. Some people
>replied already, but here's a more presise response.
>
>The fact is, you can get any arbitrary strength you want with either asymm
>or symm algorithms by increasing the keylength. If you want a basis for
>comparing their strengths, you could compare the speed of the algorithms for
>equivalent crypto strength (which is not as silly as it seems, since you are
>always trading off crypto strength for speed). In that case, you could say
>that pre-shared secrets are stronger than public keys. (I don't know of any
>fundamental difference between the strength of PK encryption and PK
>signatures for authentication. )
>
>Also, pre-shared secrets have an additional advantage for authentication,
>which is that you cannot mount a pure offline attack against them. In order
>to get some data for a brute force attack, you must first impersonate the
>responder in an active attack against the initiator. With public keys, you
>can conduct a purely offline attack. Of course, the strength of the
>authentication will still be limited by the amount of entropy in the secret.
>
>Andrew
I'm glad you mentioned what I consider to be a significant downside
of pre-shared secrets, although we come to very different
conclusions. It is not too hard to imagine an attack in which the
initiator connects to the wrong address, e.g., via some form of DNS
attack, and the fake responder collects the initiator's secret, then
drops the connection. This seems like such a serious concern that it
argues very strongly against pre-shared secrets vs. public keys. Note
that using public keys. e.g., in self-signed certs, does not suffer
from this problem.
Steve