directory-dev mailing list archives

From Alfred Reibenschuh <>
Subject [triplesec/hauskeys] issues
Date Tue, 24 Jul 2007 00:19:05 GMT


as i found out lately triplesec is in a state of flux
and elecharny mentioned on irc that it would be a good
time to raise some issues.

i'd like not to step on somebody's toes so please forgive
some uncertain language constructs as english is only
a second language to me.

my particular area of interest in triplesec is the hauskey midlet.

* the current midlet uses a plain numeric-only pin to decrypt
the seed-storage and since most pins tend to be 4-6 digits,
a possible attacker is able to precompute all possible keys
for all seeds ever issued in this fashion in under one minute.

* the use of the pin-string as the key-byte-array is an unfortunate
decision since it increases the chances of actually using weak and
semi-weak des-keys which are prone to cryptographic shortcut attacks.

* the use of the des-cipher is an unfortunate decision since
it can be brute-forced with under U$D 10,000 hardware in under
10 days.

* des has a nominal strength of 56 bits (nowadays weak) whereas
the usage of a four-digit pin reduces this to 13 bits!

proposed solution:

* use randomly keyed rsa/elgamal cipher (>=2048bits) for seed.

* use pin combined with an iv to keywrap random-key (aes/3des).

* make pin alpha-numeric with 4-12 chars.

this would mean that the seed itself can only be brute-forced
and only with "large prime factorization" :-)

as long as a good keywrap with iv is used the only attack would be
brute-forcing the 256-768 bit key/iv-space :-)

precomputation would only be possible if the large storage
requirements could be met and then only for a single known
issued token-seed, making it equal to brute-force :-)


-- 
Ever heard that not every linux user is automatically a
programmer who writes, installs, patches, hacks or ports
everything he needs himself?

Urks?  That is just a legend.....
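The PIN-wrapped random key proposed in the mail above, as an added Go example that is not part of this mail or of the triplesec/hauskeys code: the PIN and a per-token random salt (the mail's "iv") are stretched with PBKDF2-HMAC-SHA256 into a key that wraps a random 256-bit seed-storage key under AES-256-GCM. AES-GCM as a stand-in for a dedicated key-wrap mode, the 100000-iteration work factor and the salt || nonce || ciphertext blob layout are assumptions, not anything the mail specifies.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// pinAEAD derives a 256-bit key from the PIN and a per-token salt (the mail's "iv") with
// PBKDF2-HMAC-SHA256 (RFC 8018, one output block, inlined because older Go standard
// libraries have no PBKDF2 package) and keys AES-256-GCM with it. GCM stands in for a
// formal key-wrap mode and authenticates the blob; the constructors cannot fail for a 32-byte key.
func pinAEAD(pin string, salt []byte) cipher.AEAD {
	mac := hmac.New(sha256.New, []byte(pin))
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // INT(1): block index
	u := mac.Sum(nil)
	key := append([]byte(nil), u...)
	for i := 1; i < 100000; i++ { // assumed work factor; the mail names none
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range key {
			key[j] ^= u[j]
		}
	}
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	return g
}

// WrapSeedKey stores the random seed-storage key as salt || nonce || ciphertext+tag. A table
// precomputed for one salt is useless against other tokens, and the PIN never becomes key bytes.
func WrapSeedKey(pin string, seedKey []byte) ([]byte, error) {
	hdr := make([]byte, 16+12) // 16-byte salt and 12-byte GCM nonce, both fresh per wrap
	if _, err := rand.Read(hdr); err != nil {
		return nil, err
	}
	return append(hdr, pinAEAD(pin, hdr[:16]).Seal(nil, hdr[16:], seedKey, nil)...), nil
}

// UnwrapSeedKey: a wrong PIN or a tampered blob fails authentication instead of yielding garbage.
func UnwrapSeedKey(pin string, blob []byte) ([]byte, error) {
	if len(blob) < 28+16 { // header plus at least the 16-byte GCM tag
		return nil, errors.New("wrapped key blob too short")
	}
	return pinAEAD(pin, blob[:16]).Open(nil, blob[16:28], blob[28:], nil)
}
```

With the PIN no longer used as key bytes, the attacker's precomputation from the mail has to be redone per token salt, and a guessed PIN costs the full PBKDF2 work each time.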

