At 5:11 PM -0700 9/20/02, David Wagner wrote:
>Perry E. Metzger wrote:
>>But if you can't simulate the system, that implies that the challenger
>>has to have stored the challenge-response pairs because he can't just
>>generate them, right? That means that only finitely many are likely to
>>be stored. Or was this thought of too?
>
>I believe the idea is that there are gazillions of possible challenges.
>The challenger picks a thousand randomly in advance, scans the token
>from the corresponding thousand different angles to get the thousand
>responses, and stores all of them. Then, later, the challenger can select
>one of his stored challenges, pass it to a remote entity, and demand
>the correct answer. Of course, a challenger must never re-use the same
>challenge twice.

If the challenger selects several of his stored challenges, and asks the
token reader to return a secure hash of the answers (in order), no
information will be leaked about the response to any individual
challenge. This procedure will allow the challenger to perform a large
number of verifications with a relatively small number of stored
challenge-response pairs.

Cheers - Bill

-------------------------------------------------------------------------
Bill Frantz       | The principal effect of| Periwinkle -- Consulting
(408)356-8506     | DMCA/SDMI is to prevent| 16345 Englewood Ave.
[EMAIL PROTECTED] | fair use.              | Los Gatos, CA 95032, USA

---------------------------------------------------------------------
The Cryptography Mailing List
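
Added example, not part of the original message or written by anyone in the thread: a Python sketch of the scheme described above, in which the challenger issues an ordered selection of stored challenges and checks a hash of the answers. The names Challenger, token_response, combined_answer and reader_answer are hypothetical, and an HMAC stands in for scanning the physical token purely so the code runs; responses are assumed to be exactly reproducible.

```python
import hashlib, hmac, math, secrets

def token_response(token_secret: bytes, challenge: bytes) -> bytes:
    """Stand-in for scanning the physical token (assumption: the real token
    cannot be simulated; HMAC only plays its role so the example runs)."""
    return hmac.new(token_secret, challenge, hashlib.sha256).digest()

def combined_answer(responses) -> bytes:
    """Secure hash of the answers, in order; each answer is length-prefixed
    so different sequences cannot produce the same hash input."""
    h = hashlib.sha256()
    for r in responses:
        h.update(len(r).to_bytes(4, "big") + r)
    return h.digest()

class Challenger:
    def __init__(self, pairs, k):
        self.pairs = list(pairs)   # stored (challenge, response) pairs
        self.k = k                 # challenges combined per verification
        self.used = set()          # ordered selections already issued

    def capacity(self) -> int:
        # Distinct ordered selections of k out of n stored pairs.
        return math.perm(len(self.pairs), self.k)

    def issue(self):
        if len(self.used) >= self.capacity():
            raise RuntimeError("every ordered selection has been used")
        rng = secrets.SystemRandom()
        while True:
            idx = tuple(rng.sample(range(len(self.pairs)), self.k))
            if idx not in self.used:       # never issue the same selection twice
                self.used.add(idx)
                return idx, [self.pairs[i][0] for i in idx]

    def verify(self, idx, answer: bytes) -> bool:
        expected = combined_answer(self.pairs[i][1] for i in idx)
        return hmac.compare_digest(expected, answer)

def reader_answer(token_secret: bytes, challenges) -> bytes:
    """Token reader side: answer each challenge, return only the hash."""
    return combined_answer(token_response(token_secret, c) for c in challenges)

def demo():
    secret = secrets.token_bytes(32)                    # constructed token
    chals = [secrets.token_bytes(16) for _ in range(10)]
    ch = Challenger([(c, token_response(secret, c)) for c in chals], k=3)
    idx, selected = ch.issue()
    good = ch.verify(idx, reader_answer(secret, selected))
    wrong_order = ch.verify(idx, reader_answer(secret, selected[::-1]))
    return ch.capacity(), good, wrong_order
```

With 10 stored pairs and 3 challenges per verification, demo() reports 720 distinct ordered selections, against 10 single-challenge verifications.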