[12759] in cryptography@c2.net mail archive
Re: Encryption of data in smart cards
daemon@ATHENA.MIT.EDU (Anne & Lynn Wheeler)
Thu Mar 13 21:38:26 2003
X-Original-To: cryptography@wasabisystems.com
Date: Thu, 13 Mar 2003 14:08:04 -0700
To: John Kelsey <kelsey.j@ix.netcom.com>
From: Anne & Lynn Wheeler <lynn@garlic.com>
Cc: Krister Walfridsson <cato@df.lth.se>, Werner Koch <wk@gnupg.org>,
	cryptography@wasabisystems.com
In-Reply-To: <5.2.0.9.0.20030313131055.0442a600@pop.ix.netcom.com>
At 01:13 PM 3/13/2003 -0500, John Kelsey wrote:
>At 11:08 PM 3/12/03 +0100, Krister Walfridsson wrote:
>
>...
>>This is not completely true -- I have seen some high-end cards that use
>>the PIN code entered by the user as the encryption key.  And it is quite
>>easy to do similar things on Java cards...
>
>With any kind of reasonable PIN length, though, this isn't all that 
>helpful, because of the small set of possible PINs.  And smartcards don't 
>generally have a lot of processing power, so making the PIN->key mapping 
>expensive doesn't help much, either.
>
>>    /Krister
>
>--John Kelsey, kelsey.j@ix.netcom.com

Note, however, that PIN could be possibly in infrastructure with real secret 
key and encryption done with derived key. The derived key one-way function 
is attempting to protect the infrastructure-wide secret key from brute 
force key search on specific piece of data. The issue is how many bits in a 
PIN is required to protect the secret key in a one-way function (involving 
the secret key and the PIN). A simple derived key is sufficient using the 
secret key and public account number. Adding a (privately known, card 
specific) PIN to such a derived key function:
1) doesn't increase the ease of attack on the secret key
2) doesn't affect brute force attack on the derived key
3) makes it harder to use a lost/stolen card
--
Anne & Lynn Wheeler    http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
  
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
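
The derived-key argument above, as an added Python example that is not part of the original message or of any card product's code. HMAC-SHA256 stands in for the unspecified one-way function, and the master secret, account number, PIN and data are constructed values; the example contrasts the PIN-as-key scheme from the quoted text with a key derived from the infrastructure secret, the account number and the PIN.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, not from the original message).
MASTER_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
ACCOUNT = b"4000001234567890"      # public account number
DATA = b"constructed card record"  # data protected on the card


def tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def pin_only_key(pin: str) -> bytes:
    """Scheme from the quoted text: the PIN alone determines the key."""
    return hashlib.sha256(pin.encode()).digest()


def derived_key(master: bytes, account: bytes, pin: str = "") -> bytes:
    """One-way derivation keyed by the infrastructure-wide secret.
    The PIN, when present, is only extra input to the same function, so the
    output is 256 bits either way and the master key is no more exposed."""
    msg = len(account).to_bytes(2, "big") + account + pin.encode()
    return hmac.new(master, msg, hashlib.sha256).digest()


def search_pin_only(data: bytes, observed: bytes):
    """Try all 10^4 four-digit PINs as PIN-only keys; needs no secret."""
    for n in range(10_000):
        pin = f"{n:04d}"
        if hmac.compare_digest(tag(pin_only_key(pin), data), observed):
            return pin
    return None


def issue_record(pin: str, data: bytes) -> bytes:
    """Issuer tags the card data under the PIN-bound derived key."""
    return tag(derived_key(MASTER_SECRET, ACCOUNT, pin), data)


def host_verify(pin_entered: str, data: bytes, record_tag: bytes) -> bool:
    """Host re-derives the key from the entered PIN; a wrong PIN gives a
    different key, so a lost or stolen card fails verification."""
    key = derived_key(MASTER_SECRET, ACCOUNT, pin_entered)
    return hmac.compare_digest(tag(key, data), record_tag)
```

The PIN search succeeds against the PIN-only key because the whole key space is 10^4 values; against the derived key the same search finds nothing, since every candidate also needs the master secret.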