[17065] in cryptography@c2.net mail archive
PK -> OTP?
daemon@ATHENA.MIT.EDU (Matt Crawford)
Tue Mar 15 10:39:09 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Mon, 14 Mar 2005 09:46:04 -0600
From: Matt Crawford <crawdad@fnal.gov>
To: cryptography@metzdowd.com
My educated-layman's opinion is that the following is not feasible, but
I'd be happy to be shown wrong ...
Given a closed public-key device such as a typical smart card with its
limited set of operations (chiefly "sign"), is it possible to implement
a challenge/response function such that
* Both the challenge and the response are short enough for an average
user to be willing to type them when needed.
* The challenge can be generated, and the response verified using the
cardholder's public key and a reasonable amount of computation.
My reasoning is that the full output of the signing function will
almost always be as long as the key, if only response = f(signature) is
given, with f having a range in some set of size ~ 2^32, verifying
response must be nearly as hard as brute-force guessing.
Matt Crawford <crawdad@fnal.gov>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
