[6684] in cryptography@c2.net mail archive
ARCOT/Cryptographic Camouflage
daemon@ATHENA.MIT.EDU (Marcus Leech)
Wed Mar 1 10:29:26 2000
Message-ID: <38BC7F26.1BFA07C1@nortelnetworks.com>
Date: Tue, 29 Feb 2000 21:23:34 -0500
From: "Marcus Leech" <mleech@nortelnetworks.com>
MIME-Version: 1.0
To: cryptography@c2.net
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
I've been (repeatedly) attempting to repel a sales droid from ARCOT, who wants to sell me their "cryptographic camouflage" product. I reviewed their IEEE paper again, and I'm still unimpressed with this stuff.

In a nutshell, the security of the product lies in keeping the public exponent secret, as well as the private exponent [It's an RSA system]. The idea is that the PIN/passphrase that protects the private exponent need not be that strong, since there's no way to verify that you've found the correct private exponent without also knowing the public exponent (in their scheme, the public exponent is picked randomly, and is set to be roughly half the size of the modulus). There's also a lot of other painful dancing around to make sure that things like messages encrypted under the public key are never made available to anyone but the "trusted domain" that this system lives in.

The only real protection they have is that the server side of this stuff disables the user after a small number of failed authentication attempts, otherwise you could use servers as oracles to test trial decryptions of the private key.

The system is horribly broken if it's ever possible to intercept a message encrypted under the public key of the target user, since they make no attempt to enforce any kind of passphrase quality, and it's not clear whether they use PKCS#5 techniques to generate (symmetric) keying material from the passphrase.

They do use random padding on signatures, which precludes verifying a guess at the private key by comparing signatures from an intercepted message. But that's nothing special--I started doing that years ago.

Has anyone else looked at this stuff?
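A toy model of the argument in the message above, added here as an illustration; it is not part of the original post and not ARCOT's code. It assumes a tiny RSA key (p=61, q=53, a "random" public exponent E=1103 that is kept secret), a PIN that wraps the private exponent by XOR with a hash-derived mask (a stand-in for the PKCS#5-style derivation the message asks about), a server that checks a signed challenge and locks the account after three failures, and a single known (plaintext, ciphertext) pair under the public key. The point it makes concrete: with the public exponent hidden, every PIN unwraps to an equally plausible candidate and the rate-limited server is the only check; once one public-key ciphertext is known, candidates can be checked offline and a four-digit PIN space collapses to a handful of survivors, which is exactly the exposure the scheme must prevent.

```python
"""Toy model of the 'cryptographic camouflage' argument (constructed example).

Tiny RSA, a PIN that wraps the private exponent, a server that enforces a
lockout, and the offline check that appears as soon as one ciphertext under
the (secret) public exponent is known.
"""
import hashlib
import secrets
from math import gcd

# Toy RSA parameters (constructed; far too small for any real use).
P, Q = 61, 53
N = P * Q                  # 3233
PHI = (P - 1) * (Q - 1)    # 3120
E = 1103                   # "random" public exponent, kept secret in the scheme
assert gcd(E, PHI) == 1
D = pow(E, -1, PHI)        # private exponent
NBITS = PHI.bit_length()   # width of a plausible private exponent (12 bits here)


def pin_mask(pin: str) -> int:
    """Mask derived from the PIN; stands in for a PKCS#5-style KDF (assumption)."""
    digest = hashlib.sha256(pin.encode()).digest()
    return int.from_bytes(digest, "big") & ((1 << NBITS) - 1)


def wrap_private_exponent(d: int, pin: str) -> int:
    """Camouflaged storage: any PIN 'unwraps' to some NBITS-wide candidate,
    so nothing local distinguishes a wrong PIN from the right one."""
    return d ^ pin_mask(pin)


def unwrap_private_exponent(wrapped: int, pin: str) -> int:
    return wrapped ^ pin_mask(pin)


class AuthServer:
    """The legitimate check: a challenge signed with d, verified with e, and
    the account disabled after a few failures (the message's only real
    protection against using the server as an oracle)."""

    def __init__(self, e: int = E, n: int = N, max_failures: int = 3):
        self.e, self.n, self.max_failures = e, n, max_failures
        self.failures = 0
        self.locked = False

    def challenge(self) -> int:
        return 2 + secrets.randbelow(self.n - 2)

    def check_response(self, challenge: int, response: int) -> bool:
        if self.locked:
            return False
        ok = pow(response, self.e, self.n) == challenge
        if ok:
            self.failures = 0
        else:
            self.failures += 1
            self.locked = self.failures >= self.max_failures
        return ok


def offline_check(candidate_d: int, ciphertext: int, plaintext: int) -> bool:
    """Possible only with a known (plaintext, ciphertext) pair under the
    public key; needs neither e nor the server."""
    return pow(ciphertext, candidate_d, N) == plaintext


def pins_passing_offline_check(wrapped: int, ciphertext: int, plaintext: int,
                               pin_space=range(10000)) -> list:
    """Which 4-digit PINs survive once a single public-key ciphertext leaks.
    Without such a pair every candidate looks equally plausible."""
    return [f"{pin:04d}" for pin in pin_space
            if offline_check(unwrap_private_exponent(wrapped, f"{pin:04d}"),
                             ciphertext, plaintext)]


if __name__ == "__main__":
    pin = "4271"                      # constructed sample PIN
    wrapped = wrap_private_exponent(D, pin)
    # Legitimate use: right PIN, one challenge-response with the server.
    server = AuthServer()
    ch = server.challenge()
    print("server accepts correct PIN:", server.check_response(ch, pow(ch, D, N)))
    # The failure mode: one message encrypted under the user's public key.
    m = 2
    c = pow(m, E, N)
    hits = pins_passing_offline_check(wrapped, c, m)
    print(f"PINs surviving the offline check: {len(hits)} of 10000 "
          f"(correct one included: {pin in hits})")
```

The survivors beyond the correct PIN are candidates congruent to d modulo the order of the ciphertext, an artefact of the 12-bit toy modulus; with a real-sized modulus the known pair pins down the PIN uniquely, which is why the design hinges on public-key ciphertexts never leaving the trusted domain and on the server lockout remaining the only oracle.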