Re: Another entry in the internet security hall of shame....

James A.Donald jamesd at echeque.com
Thu Sep 8 03:22:15 EDT 2005


From: Alaric Dailey <alaricd at pengdows.com>
> So we are now switching gears? PUBLIC KEYS are now 
> PSK?

Indeed they can be.  The question is, on what basis do 
we know a public key is the right one?  That it has been 
pre-shared, or that an authority has vetted it, as with 
CA certs.

Suppose that when I establish internet access to my bank 
account, I make up a password for my bank account, and 
the client software on my computer generates a private 
key from that password.  I then tell the bank the public 
key corresponding to my password.  (The public key is
not in fact public, but a shared secret.)  When I next
log into the bank, the bank must first prove to me
knowledge of a public key corresponding to my password,
without revealing that public key, and I prove to the
bank knowledge of the corresponding private key.  Then I 
cannot log in to a phishing site, and if I did, it would 
do the phishers no good.

Assume the bank has a public elliptic curve, and a
public generator point G on that elliptic curve.  I have
a secret number p, constructed by my computer from my
password, and a shared secret elliptic point, pre-shared
between my bank and me.  I calculated this elliptic
point by multiplying the generator by my secret
number.

When next I log into the bank, the bank invents a random
number r, and sends me the elliptic point rG in the
clear.  I invent a random number s, and send the bank
the elliptic point sG in the clear.  At this point the
bank knows r, sG, and pG, but not s or p.  I know s, p,
and rG, but not r.  The bank knows pG, because we
constructed that when setting up the passwords for my
account, and the bank has stored it ever since.

I calculate (s+p)(rG)

The bank calculates r(sG+pG)

Which are of course equal.  I and the bank now share a
transient secret, which we will use to encrypt
communications following this particular login, until
logout.  The eavesdropper, man in the middle, or phishing
site does not have that secret.  The fact that we can
understand each other proves that the right parties are
talking. 

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     YNuqdG3fHUHoOcFSmq0em+tFMqcDwVUWIWgS2s6H
     4QP12giI58sVxIRE6YibnBC6OvfHfpHSK8pbVDKlY


--
http://www.jim.com
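The exchange sketched in the post, carried through as an added worked example that is not part of the original message or of any code by its author. It implements the setup step (client derives p from the password and hands the bank pG) and the login step (bank sends rG, client sends sG, client computes (s+p)(rG), bank computes r(sG+pG)) over the secp256k1 curve with minimal affine point arithmetic. Assumptions not stated in the post: a single SHA-256 stands in for "generates a private key from that password", the shared point's x-coordinate is hashed into the session key, and the point at infinity is represented as None. It also runs the login against a party that never received pG, to show the two sides then derive different secrets, which is the property the post relies on for the phishing-site case.

```python
# Added example (not from the post): the PAKE-style login sketched above,
# over secp256k1 with minimal affine point arithmetic.
import hashlib
import secrets

# secp256k1 domain parameters: y^2 = x^3 + 7 over GF(P); G has prime order N.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A = 0
B = 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
# The point at infinity (group identity) is represented as None (assumption).


def on_curve(pt):
    """True if pt is the identity or satisfies the curve equation."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def ec_add(p1, p2):
    """Affine point addition, handling identity, doubling and inverse points."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:   # p2 == -p1: result is the identity
        return None
    if p1 == p2:                          # tangent slope for doubling
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:                                 # chord slope for distinct points
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, pt):
    """Double-and-add; returns k*pt with k reduced modulo the group order."""
    k %= N
    result = None
    addend = pt
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def password_scalar(password: bytes) -> int:
    # Assumption: the post only says the client "generates a private key from
    # that password"; a single SHA-256 stands in for that derivation here.
    return int.from_bytes(hashlib.sha256(password).digest(), "big") % N or 1


def enroll(password: bytes):
    """Setup: client derives p and hands the bank pG, which both sides keep secret."""
    return scalar_mult(password_scalar(password), G)


def login(p, pG_at_bank, r, s):
    """One login.  r is the bank's nonce, s the client's.  Returns the transient
    secret each side computes; they agree only if the bank holds the right pG."""
    rG = scalar_mult(r, G)                                # bank -> client, in the clear
    sG = scalar_mult(s, G)                                # client -> bank, in the clear
    client_secret = scalar_mult((s + p) % N, rG)          # client: (s+p)(rG)
    bank_secret = scalar_mult(r, ec_add(sG, pG_at_bank))  # bank:   r(sG + pG)
    return client_secret, bank_secret


def session_key(point) -> bytes:
    """Hash the shared point's x-coordinate into a symmetric key (assumption)."""
    return hashlib.sha256(point[0].to_bytes(32, "big")).digest()


if __name__ == "__main__":
    pw = b"correct horse battery staple"      # constructed sample password
    stored_pG = enroll(pw)                    # what the bank keeps after setup
    p = password_scalar(pw)                   # what the client re-derives at login
    r = secrets.randbelow(N - 1) + 1
    s = secrets.randbelow(N - 1) + 1
    c, b = login(p, stored_pG, r, s)
    print("bank and client agree:", c == b)
    # A site that never received pG (a phishing site) derives a different secret.
    c2, b2 = login(p, enroll(b"some other guess"), r, s)
    print("phishing site agrees:", c2 == b2)
```

The equality (s+p)(rG) = r(sG+pG) holds because scalar multiplication distributes over point addition, so the example needs no secret-dependent branching beyond the nonces. In a deployed design the SHA-256 stand-in would be replaced by a slow, memory-hard password KDF, since pG is exactly as strong as the password it was derived from.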

---------------------------------------------------------------------
The Cryptography Mailing List