SJS wrote:
Fob encrypts hash with private key -- that's your digital signature --
and then you hash *that* to get the short string to send to the server.
That's what you suggested, yes?
The point of digital signatures is that I can't create 'em with the
public key.
Yeah, the more I think about this, the less convinced I am that it can
work. There really isn't any way to transfer a *part* of something in a
way that the other side can verify *and* not be in a position that you
can be impersonated by the server.
Okay, RSA keyfob display doesn't work without shared secret.
So, if I assume that this thing *has* to be USB connected, I really like
the whole "impersonate a keyboard" thing. So, effectively you sign
something with your private key on the fob and transmit it across the
channel in full even if it's lots of bits.
So, the question is what do you sign? Obviously, time should be part of
it, and with full access to the time the fob thinks it is buried in the
message, you can actually have tighter time granularity than an RSA fob.
However, if *time* is the only thing that changes, is that enough? My
gut feel is that there might be some attack, but maybe not. Most
encryption algorithms shuffle bits sufficiently well that even small
changes propagate to large differences.
So, the question is, is there a "known small plaintext" attack against
digital signatures?
And is there any way to use AES for public-key digital signatures? The
question is asked since these chips have an AES engine on them.
-a
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
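Added illustration, not code from the thread: a pure-Python sketch of the USB-fob scheme discussed above, using constructed toy RSA primes (Mersenne primes 2^31-1 and 2^61-1, far too small for real use) and a constructed fob id and challenge. It shows that textbook RSA over a raw small integer is multiplicatively malleable, that hash-then-sign breaks that relation, and how the server checks the fob's embedded clock against its own plus a per-login challenge so that time is not the only thing that varies.

```python
import hashlib

# Constructed toy RSA key: tiny, well-known primes purely for illustration.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

def textbook_sign(m: int) -> int:
    """Raw RSA on an integer: what 'sign just the time' amounts to without a hash."""
    return pow(m, D, N)

def textbook_verify(m: int, sig: int) -> bool:
    return pow(sig, E, N) == m % N

def textbook_is_malleable(m1: int, m2: int) -> bool:
    """sig(m1) * sig(m2) mod N verifies as a signature on m1 * m2, which is why a
    verifier must never accept raw small plaintexts signed this way."""
    combined = (textbook_sign(m1) * textbook_sign(m2)) % N
    return textbook_verify((m1 * m2) % N, combined)

def digest(message: bytes) -> int:
    """Hash the structured message first; the signature covers the digest."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def hash_then_sign(message: bytes) -> int:
    return pow(digest(message), D, N)

def hash_then_verify(message: bytes, sig: int) -> bool:
    return pow(sig, E, N) == digest(message)

def fob_token(fob_id: str, fob_clock: int, challenge: str):
    """What the fob 'types' over the USB keyboard channel: message plus full signature.
    The fob's own clock is embedded so the server can compare it to its own."""
    msg = f"{fob_id}|{fob_clock}|{challenge}".encode()
    return msg, hash_then_sign(msg)

def server_accepts(msg: bytes, sig: int, expected_challenge: str,
                   server_clock: int, skew: int = 30) -> bool:
    """Server side: signature, challenge and clock skew must all check out.
    The server holds only the public exponent, so it cannot mint tokens itself."""
    if not hash_then_verify(msg, sig):
        return False
    _fob_id, fob_clock, challenge = msg.decode().split("|")
    return challenge == expected_challenge and abs(int(fob_clock) - server_clock) <= skew
```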