[EMAIL PROTECTED] wrote: > On Thu, Aug 28, 2008 at 04:11:41PM -0700, David Brown wrote: >> HMAC(secret, counter) > > I thought one of the conditions was to not store the secret on the server. > HMACs would require the secret being on the gizmo and the server no? > > With those constraints wouldn't you have to do something like RSA where gizmo > sends a digital signature of time stamp to server instead? >
If I understand, someone was saying that adding a PK algorithm to the little cpu would be too much for it. And then there's the disturbing bottom-line that the factor is [human-entry] limited to a short string of characters, so one has to wonder about the overall strength of the system anyway! Regards, ..jim -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
