[6435] in cryptography@c2.net mail archive
Re: small authenticator
daemon@ATHENA.MIT.EDU (Bill Stewart)
Thu Jan 20 14:38:31 2000
Message-Id: <3.0.5.32.20000119123706.00a5a100@idiom.com>
Date: Wed, 19 Jan 2000 12:37:06 -0800
To: staym@accessdata.com, cryptography@c2.net
From: Bill Stewart <bill.stewart@pobox.com>
In-Reply-To: <38860C32.18AB@accessdata.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
You don't have enough room for RSA keys.
I'd be surprised if you could fit elliptic-curve math into
something that small, though there's enough room to store keys.
Maybe the Certicom folks know more about it.
For some kinds of authentication, a MAC is fine -
you've got a server somewhere that knows your key,
and the chip and the server both calculate Hash(Key,Challenge).
Or you use a symmetric-key algorithm and calculate E(K,C).
Both are relatively hard to crack, if your keys are long enough,
but you need to have an environment where that's a useful
mode of operations.
At 12:10 PM 01/19/2000 -0700, staym@accessdata.com wrote:
>Several people have suggested using a MAC; my problem is that the
>opponent can reverse-engineer the chip and find the key. I was hoping
>to give the chips a public key and have it encrypt a challenge that I'll
>respond to. On my side, I'd need to prevent chosen-cipehrtext attacks.
>--
>Mike Stay
>Programmer / Crypto guy
>AccessData Corp.
>mailto:staym@accessdata.com
>
>
>
Thanks!
Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
