[Cryptography] Are zero knowledge authentication systems safe?
Phillip Hallam-Baker
phill at hallambaker.com
Mon Nov 2 12:09:55 EST 2015
On Sun, Nov 1, 2015 at 8:47 PM, Salz, Rich <rsalz at akamai.com> wrote:
>
>> The good news here is that people are actively doing security modeling and
>> proof for the evolving TLS 1.3 standard, AND the TLS working group is
>> enthusiastically welcoming their results.
>
> Yes. See https://www.internetsociety.org/events/ndss-symposium-2016/tron-workshop-call-papers
>
> TLS 1.3 -- hack it, break it, show what's wrong.
This isn't an issue with the formal approach, it is a problem with the axioms.
In a perfect world XOR (x, RANDOM) is a perfect cipher. In practice
the best you can do is XOR (x, RANDOMISH) and you don't have
perfection.
In the real world H(x) is not a perfect one way function but we can
make a one way function that is good enough to prevent someone
reversing it except by brute force. Even fairly weak digest functions
are still secure for this purpose.
More information about the cryptography
mailing list