directory-dev mailing list archives

From "Alex Karasulu" <akaras...@apache.org>
Subject Re: [triplesec/hauskeys] issues
Date Tue, 24 Jul 2007 00:47:22 GMT
All good points.  You interested in working on the midlet?

Alex

On 7/23/07, Alfred Reibenschuh <alfredreibenschuh@gmx.net> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> hi!
>
> As I found out lately, triplesec is in a state of flux,
> and elecharny mentioned on IRC that it would be a good
> time to raise some issues.
>
> I'd like not to step on somebody's toes, so please forgive
> some uncertain language constructs, as English is only
> a second language to me.
>
>
> My particular area of interest in triplesec is the hauskey midlet.
>
>
> * The current midlet uses a plain numeric-only PIN to decrypt
> the seed storage, and since most PINs tend to be 4-6 digits,
> a possible attacker is able to precompute all possible keys
> for all seeds ever issued in this fashion in under one minute.
>
> * The use of the PIN string as the key byte array is an unfortunate
> decision, since it increases the chances of actually using weak and
> semi-weak DES keys, which are prone to cryptographic shortcut attacks.
>
> * The use of the DES cipher is an unfortunate decision, since
> it can be brute-forced with under USD 10,000 of hardware in under
> 10 days.
>
> * DES has a nominal strength of 56 bits (nowadays weak), whereas
> the usage of a four-digit PIN reduces this to 13 bits!
>
>
> Proposed solution:
>
> * Use a randomly keyed RSA/ElGamal cipher (>=2048 bits) for the seed.
>
> * Use the PIN combined with an IV to keywrap the random key (AES/3DES).
>
> * Make the PIN alphanumeric with 4-12 chars.
>
> This would mean that the seed itself can only be brute-forced,
> and only with "large prime factorization" :-)
>
> As long as a good keywrap with IV is used, the only attack would be
> brute-forcing the 256-768 bit key/IV space :-)
>
> Precomputation would only be possible if the large storage
> requirements could be met, and then only for a single known
> issued token seed, making it equal to brute force :-)
>
>
> cheers,
>
>
> fredo
> - --
> Ever heard that not every Linux user is automatically a
> programmer who programs, installs, patches, hacks or ports
> everything he needs himself?
>
> Urgh?  That's just a legend.....
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFGpUV5jKJMaHhpyr4RCEhEAKDCJrGH6hEBnTTNv1d8If626jgdJACeK41k
> VBX7cvAje1+6pjG/gjJARA4=
> =nrqD
> -----END PGP SIGNATURE-----
>

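The following is an added example, not code from the Triplesec/Hauskeys project or from either poster. It shows the structure the mail proposes: a random 256-bit key guards the seed, the PIN only unlocks that key, and a per-token random salt (the mail's "IV") plus PBKDF2 stretching means no table of PIN-derived keys can be built before a token is issued. The AES/3DES key wrap the mail names is replaced by a stdlib-only stand-in (a one-time pad drawn from the PBKDF2 output plus an HMAC tag), and the seed's own encryption under the random key is left to a real crypto library. The iteration count, salt length, the PIN `Hausk3y5` and the helper names are all constructed for this example.

```python
"""Added example (not Hauskeys code): PIN-unlocked key wrap with a per-token salt."""
import hashlib
import hmac
import math
import secrets
import string
from typing import Optional, Tuple

ALNUM = string.ascii_letters + string.digits   # 62 symbols, the proposed PIN alphabet
SALT_BYTES = 16                                # constructed choice: 128-bit per-token salt
PBKDF2_ITERATIONS = 100_000                    # constructed choice: stretching cost
WRAPPED_KEY_BYTES = 32                         # the random key that actually guards the seed
TAG_BYTES = 32                                 # HMAC-SHA256 tag


def pin_entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy in a uniformly random PIN (four digits gives about 13.3 bits)."""
    return length * math.log2(alphabet_size)


def precomputation_entries(alphabet_size: int, length: int, salt_bits: int) -> int:
    """Entries a precomputed table would need to cover every PIN for every salt value."""
    return alphabet_size ** length * 2 ** salt_bits


def validate_pin(pin: str) -> bool:
    """The proposed policy: 4-12 alphanumeric characters."""
    return 4 <= len(pin) <= 12 and all(c in ALNUM for c in pin)


def derive_pin_material(pin: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> Tuple[bytes, bytes]:
    """Stretch the PIN with the per-token salt; first half pads the key, second half keys the MAC."""
    material = hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), salt, iterations, dklen=64)
    return material[:32], material[32:]


def wrap_seed_key(pin: str, seed_key: bytes) -> bytes:
    """Return salt || padded_key || tag. A fresh salt each call means the pad is never reused."""
    if not validate_pin(pin):
        raise ValueError("PIN must be 4-12 alphanumeric characters")
    if len(seed_key) != WRAPPED_KEY_BYTES:
        raise ValueError("seed key must be %d bytes" % WRAPPED_KEY_BYTES)
    salt = secrets.token_bytes(SALT_BYTES)
    pad, mac_key = derive_pin_material(pin, salt)
    padded = bytes(k ^ p for k, p in zip(seed_key, pad))
    tag = hmac.new(mac_key, salt + padded, "sha256").digest()
    return salt + padded + tag


def unwrap_seed_key(pin: str, blob: bytes) -> Optional[bytes]:
    """Recover the seed key, or None if the PIN is wrong or the blob was tampered with."""
    if len(blob) != SALT_BYTES + WRAPPED_KEY_BYTES + TAG_BYTES:
        return None
    salt = blob[:SALT_BYTES]
    padded = blob[SALT_BYTES:SALT_BYTES + WRAPPED_KEY_BYTES]
    tag = blob[SALT_BYTES + WRAPPED_KEY_BYTES:]
    pad, mac_key = derive_pin_material(pin, salt)
    expected = hmac.new(mac_key, salt + padded, "sha256").digest()
    if not hmac.compare_digest(tag, expected):   # constant-time compare, wrong PIN looks like tampering
        return None
    return bytes(k ^ p for k, p in zip(padded, pad))


if __name__ == "__main__":
    print("4-digit numeric PIN:        %.1f bits" % pin_entropy_bits(10, 4))
    print("8-char alphanumeric PIN:    %.1f bits" % pin_entropy_bits(62, 8))
    print("table, 4-digit PIN, no salt: %d entries" % precomputation_entries(10, 4, 0))
    print("same with 128-bit salt:      2**%.0f entries" % math.log2(precomputation_entries(10, 4, 128)))
    seed_key = secrets.token_bytes(WRAPPED_KEY_BYTES)   # constructed: random key guarding the seed
    blob = wrap_seed_key("Hausk3y5", seed_key)
    assert unwrap_seed_key("Hausk3y5", blob) == seed_key
    assert unwrap_seed_key("Hausk3y6", blob) is None
    print("wrap/unwrap round trip OK")
```

The two measurable differences from the scheme the mail criticises are visible in `precomputation_entries`: without a salt the whole 4-digit PIN space is 10,000 derivations, while a 128-bit per-token salt pushes any table past 2^141 entries, so an attacker is left with per-token guessing paid for at PBKDF2 cost. The wrap returns `None` on a wrong PIN rather than garbage, so a caller can rate-limit attempts instead of silently producing a bad seed key.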