[11722] in cryptography@c2.net mail archive
Re: unforgeable optical tokens?
daemon@ATHENA.MIT.EDU (Barney Wolff)
Sat Sep 21 19:15:49 2002
Date: Sat, 21 Sep 2002 15:05:23 -0400
From: Barney Wolff <barney@tp.databus.com>
To: David Wagner <daw@mozart.cs.berkeley.edu>
Cc: cryptography@wasabisystems.com
In-Reply-To: <amh2ge$dta$1@abraham.cs.berkeley.edu>
On Sat, Sep 21, 2002 at 06:10:22AM +0000, David Wagner wrote:
> Barney Wolff wrote:
> >Actually, it can. The server can store challenge-responses in pairs,
> >then send N as the challenge and use the N+1 response (not returned)
> >as the key.
>
> But why bother? What does this add over just using crypto
> without their fancy physical token? The uncloneability of
> their token is irrelevant to this purpose. You might as well
> just carry around a piece of paper, or a floppy disk, with a
> list of keys on it.
In a logical sense, perhaps nothing. But in a practical sense, two
methods of key agreement that produce equal-entropy keys may differ
in computational cost or latency. I don't pretend to know how this
would compare with other key derivations on those axes.
The advantage over paper or floppy is as stated - temporary possession
of the token does not allow the attacker to see or spoof future traffic.
However, it would make prior traffic vulnerable, so I must agree that
simpleminded token-based key derivation does not appear to be prudent.
--
Barney Wolff
I'm available by contract or FT: http://www.databus.com/bwresume.pdf
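
The pair scheme and its exposure window discussed in this thread, as an added simulation that is not part of the original message. It assumes an HMAC under an unreadable secret as a stand-in for the physical token, and reads "send N, use the N+1 response" as an integer challenge N whose session key is the token's response to N+1; all class and function names are hypothetical.

```python
import hashlib, hmac, secrets

class Token:
    """Stand-in (assumption) for the physical token: a keyed one-way function."""
    def __init__(self):
        self._structure = secrets.token_bytes(32)  # models the uncloneable medium
    def respond(self, challenge: int) -> bytes:
        msg = challenge.to_bytes(16, "big")
        return hmac.new(self._structure, msg, hashlib.sha256).digest()

class Server:
    """Enrolls the token once, storing (N, response to N+1) pairs."""
    def __init__(self, token: Token, sessions: int):
        self._pairs = []
        for _ in range(sessions):
            n = secrets.randbits(120)              # challenge space too large to enumerate
            self._pairs.append((n, token.respond(n + 1)))
    def next_session(self):
        n, key = self._pairs.pop()                 # each pair is used once
        return n, key                              # n goes on the wire, key never does

def client_key(token: Token, n: int) -> bytes:
    """Token holder derives the session key from the challenge it received."""
    return token.respond(n + 1)

def borrow_token(token: Token, recorded, probes: int):
    """Temporary possession: query recorded challenges, plus blind random probes."""
    learned = {n: token.respond(n + 1) for n in recorded}
    guesses = {token.respond(secrets.randbits(120) + 1) for _ in range(probes)}
    return learned, guesses

def demo():
    token = Token()
    server = Server(token, sessions=4)
    past = [server.next_session() for _ in range(2)]    # sessions before the loan
    recorded = [n for n, _ in past]                     # eavesdropper saw only N
    learned, guesses = borrow_token(token, recorded, probes=1000)
    future = [server.next_session() for _ in range(2)]  # sessions after the token is returned
    return {
        "client_agrees": all(client_key(token, n) == k for n, k in past + future),
        "past_exposed": all(learned[n] == k for n, k in past),
        "future_exposed": any(k in guesses or n in learned for n, k in future),
    }

if __name__ == "__main__":
    print(demo())
```

The result shows the asymmetry the message describes: keys for already-observed challenges are recoverable once the token is in hand, while keys for challenges not yet sent are not.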