[Cryptography] What do we mean by ... ???

Natanael natanael.l at gmail.com
Tue Feb 17 18:12:10 EST 2015


On 17 Feb 2015 23:38, "Jerry Leichter" <leichter at lrw.com> wrote:
> A tangent, and just a matter of satisfying my curiosity:  Can Achmed
> forge a session from me *to himself*?  It sounds odd, but if he can, he can
> create a fake order apparently from me and insist I pay for it.  Sure, I
> can add a separate signature to every order - but if it could someone come
> out of this protocol, so much the better.
>                                                         -- Jerry

The U2F response is an ECDSA signature of the challenge, and only the
hardware token is capable of decrypting the private key in question and
thus only the token can sign.

However, it isn't meant to sign arbitrary plaintext as a way to sign a
contract. Achmed could send you a challenge to sign that references a
different receipt via a hash, but you could argue that the protocol is
designed to not care about that and that it by design wasn't displayed to
you.

Your authentication is only directed to Achmed the service provider, nobody
else.

The Yubikey NEO is however also PGP capable, he could ask you to sign the
data via an interface showing what you're signing. That's however separate
from the U2F functionality.
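
An added illustration of the reply above (not code from the post or from any U2F implementation): it builds the byte string a U2F token signs during authentication, following the FIDO U2F raw message format, and shows that the token only ever sees two 32-byte hashes, so a challenge derived from a receipt is indistinguishable from a random one. The origin, receipt text, counter value and function names are constructed for the example.

```python
import base64
import hashlib
import json
import os
import struct

ORIGIN = "https://shop.example"                    # constructed sample origin / AppID
RECEIPT = b"Order 1: 500 widgets, bill to Jerry"   # constructed sample receipt

def client_data(challenge, origin):
    """Client data JSON the browser builds around the server's challenge."""
    b64 = base64.urlsafe_b64encode(challenge).rstrip(b"=").decode("ascii")
    return json.dumps({"typ": "navigator.id.getAssertion",
                       "challenge": b64, "origin": origin}).encode("utf-8")

def token_view(app_id, client_data_json):
    """All the token receives: application parameter and challenge parameter."""
    return (hashlib.sha256(app_id.encode("utf-8")).digest(),
            hashlib.sha256(client_data_json).digest())

def signature_base(app_param, user_presence, counter, challenge_param):
    """Bytes covered by the token's ECDSA signature: 32 + 1 + 4 + 32 = 69."""
    return app_param + struct.pack(">BI", user_presence, counter) + challenge_param

def binds_to(base, app_id):
    """Relying-party check: was this signature base produced for my AppID?"""
    return base[:32] == hashlib.sha256(app_id.encode("utf-8")).digest()

def demo():
    # One honest random challenge, one that is secretly the hash of a receipt.
    challenges = {"random": os.urandom(32),
                  "receipt": hashlib.sha256(RECEIPT).digest()}
    bases = {}
    for name, challenge in challenges.items():
        app_param, challenge_param = token_view(ORIGIN, client_data(challenge, ORIGIN))
        bases[name] = signature_base(app_param, 0x01, 7, challenge_param)
    return bases

if __name__ == "__main__":
    for name, base in demo().items():
        print(name, len(base), base.hex())
```

Both signature bases share the same 37-byte prefix (AppID hash, user-presence byte, counter) and differ only in an opaque 32-byte digest, which is why the signature authenticates you to that one service and says nothing about any document.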