unforgeable optical tokens?
Barney Wolff
barney at tp.databus.com
Sat Sep 21 15:05:23 EDT 2002
On Sat, Sep 21, 2002 at 06:10:22AM +0000, David Wagner wrote:
> Barney Wolff wrote:
> >Actually, it can. The server can store challenge-responses in pairs,
> >then send N as the challenge and use the N+1 response (not returned)
> >as the key.
>
> But why bother? What does this add over just using crypto
> without their fancy physical token? The uncloneability of
> their token is irrelevant to this purpose. You might as well
> just carry around a piece of paper, or a floppy disk, with a
> list of keys on it.

In a logical sense, perhaps nothing. But in a practical sense, two
methods of key agreement that produce equal-entropy keys may differ
in computational cost or latency. I don't pretend to know how this
would compare with other key derivations on those axes.

The advantage over paper or floppy is as stated - temporary possession
of the token does not allow the attacker to see or spoof future traffic.
However, it would make prior traffic vulnerable, so I must agree that
simpleminded token-based key derivation does not appear to be prudent.
--
Barney Wolff
I'm available by contract or FT: http://www.databus.com/bwresume.pdf
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
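
Added example, not part of the original message or of any token vendor's code: a small simulation of the scheme discussed above, showing why temporary possession of the token exposes keys from recorded past sessions but not from later ones. Assumptions: the token is modelled as HMAC-SHA256 under a hidden secret, challenge N+1 is derived publicly from challenge N, and the names Token, next_challenge, enroll and simulate are hypothetical.

```python
import hashlib
import hmac
import os


class Token:
    """Stand-in for the optical token (assumption: HMAC under a secret that
    models the unclonable structure; usable only while physically held)."""

    def __init__(self):
        self._structure = os.urandom(32)

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._structure, challenge, hashlib.sha256).digest()


def next_challenge(challenge: bytes) -> bytes:
    # Assumption: challenge N+1 is derived publicly from challenge N.
    return hashlib.sha256(b"next" + challenge).digest()


def enroll(token: Token, count: int):
    """Server, once, with the token in hand: (challenge N, response N+1)."""
    challenges = [os.urandom(16) for _ in range(count)]
    return [(c, token.respond(next_challenge(c))) for c in challenges]


def simulate():
    token = Token()
    table = enroll(token, 4)
    past, future = table[:2], table[2:]

    # Sessions before the theft: challenge N crosses the wire, the key does not.
    recorded = []
    for challenge, server_key in past:
        client_key = token.respond(next_challenge(challenge))
        assert hmac.compare_digest(client_key, server_key)
        recorded.append(challenge)  # all a passive eavesdropper captures

    # Temporary possession: recorded challenges are replayed on the token.
    loot = {c: token.respond(next_challenge(c)) for c in recorded}
    past_exposed = all(loot[c] == key for c, key in past)

    # Token returned. Later challenges were never seen, so never measured.
    future_exposed = any(c in loot for c, _ in future)
    return past_exposed, future_exposed


if __name__ == "__main__":
    print(simulate())
```

The first value reports whether every pre-theft session key was recovered, the second whether any post-return key was.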