Other Directory Sites: SeekWonder | Directory Owners Forum
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:06
Jim Gillogly (jim@acm.org)
Fri, 29 Jan 1999 10:12:39 -0800
I said that the suggested system is no more secure against a known plaintext
attack than (say) using a master key to encrypt a cleartext nonce to get the
session key for that message.
M-K Shen replies:
> I'll attempt to answer your question. One thought behind the scheme
> is that, if the system as a whole is not broken, then using the
> correct key can serve as sort of authentification.
In that if the recipient can read the current message, he's assured that
he has the entire conversation on both sides? True enough, but that's
a bug rather than a feature. Consider the following exchange:
Msg ?->? Time Key Plaintext
1 A->B 0305 E(Init) Hi, here's my first message, with the key we agreed
on.
2 B->A 0310 E(H(1)) Works great! Let's start a conspiracy or porno
ring!
3 A->B 0312 E(H(1,2)) Good plan! Details to follow.
4 B->A 0314 E(H(1..3)) OK, I'll look forward to 'em.
5 A->B 0314 E(H(1..3)) You go buy the ammonium nitrate, and I'll get the
girlz.
6 B->A 0316 E(H(1..4)) What? Please repeat?
7 A->B 0320 E(H(1..5)) Your last message garbled. Please repeat.
8 B->A 0325 E(H(1..4,6)) Hello??
9 A->B 0330 E(H(1..5,7)) Hello??
Yes, there are ways to get re-synched, but (a) you need to specify them,
and (b) you've gone to a lot of work to achieve something you really don't
want to achieve... i.e. sensitive dependence on a shared idea of the complete
plaintext exchange. One thing you <don't> want to do is put the burden on
the lowly code clerk at each end to try a bunch of plaintext permutations to
try to guess what key was used in the last message.
-- Jim Gillogly Trewesday, 8 Solmath S.R. 1999, 17:54 12.19.5.16.3, 10 Akbal 16 Muan, Eighth Lord of Night
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:06