Bennet, Thanks for your prompt response. But I have one further question: Bennet Yee wrote: > > Steve, using assymetric cryptography is not a necessary condition for > distinguish between attackers and valid participants. > > The authentication hash proposed in the passauth3.txt that Tom > Stephens just sent is a bit complicated. I'll first simply point out > that an attacker does not have the same information as the valid > participants by a simple reduction to a previously solved problem, > that of computing a MAC on a single message. > > We believe HMAC(k,m) = h(k,p2,(k,p1,m)) to be a good MAC on message m > (where p1 and p2 are padding bytes necessary to bring (k,p1) and > (k,p2) to full compression function argument boundaries). k is a > shared ``MAC key'', not known to eavesdroppers. But how is the shared ``MAC key'' communicated? Using asym crypto? Or is it derived from the shared password, in which case the attacker could use a dictionary attack? Or would, for example, all Compuserve subscribers have the same shared MAC key and we assume the eavesdropper does not know it? Thanks, Steve Petri petri@litronic.com Litronic Industries (714)545-6649Received on Monday, 5 August 1996 18:40:19 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:17:11 UTC