[2118] in cryptography@c2.net mail archive
Re: Something really new??
daemon@ATHENA.MIT.EDU (Peter Krautscheid)
Fri Feb 6 15:36:15 1998
From: Peter Krautscheid <pwk@OpenMarket.com>
Date: Fri, 6 Feb 1998 15:24:54 -0500
To: barney@databus.com
CC: cryptography@c2.net
In-reply-to: <34db65740.1f72@databus.databus.com> (message from Barney Wolff on Fri, 6 Feb 1998 14:07 EST)
> With all due respect, this seems like overkill. It's easy (and I would
> have thought obvious) to make this determination using existing
> algorithms. A and B each pick a large random number, say Ra and Rb, and
> exchange them. A computes a keyed hash of (A,Rb,Ra) and sends it to B,
> while B computes the hash of (B,Ra,Rb) and sends it to A.
If, say, B wishes to cheat, he can send (X,Ra,Rb) to A while A, in
good faith, sends (A,Ra,Rb) to B. A will assume the secrets don't
match. B can compute (B,Ra,Rb) offline, make the comparison, and get
the desired information.
If the secret is something from a relatively small set (ie the name of
an employee, the example given in the original message), either A or B
can easily compute (S,Ra,Rb) for all reasonable instances of S and
match against the information provided by the other.
-pete
