|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Miller, Timothy J. (tmiller
mitre.org)
Date: Fri Jul 17 2009 - 09:44:35 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
http://srp.stanford.edu/whatisit.html
-- Tim
>-----Original Message-----
>From: Joao Pedro [mailto:countzerosapo.pt]
>Sent: Friday, July 17, 2009 9:01 AM
>To: MUSCLE; Miller, Timothy J.
>Subject: RE: [Muscle] Protecting a PIN with keyed hashing?
>
>Hi Timothy,
>
>"Miller, Timothy J." <tmillermitre.org> wrote:
>
>> I presume such a scheme would apply a KDF of some kind to the PIN or
>> PIN + nonce (e.g., PBKDF2 from PKCS#5) in order to derive the
>> symmetric key for this secure channel. This is still subject to
>> simple offline attack because PINs don't have enough entropy on
>> their own, and the nonce would still have to be shared over the
>> insecure channel. I'd also worry about speed of the KDF on the
>> card, but that's probably minor.
>>
>> Maybe SRP would be a better solution.
>Could you please explain, or provide a reference to what SRP is?
>
>Thank you.
>
>Regards,
>Joao
>
>>
>> -- Tim
>>
>>
>>> -----Original Message-----
>>> From: muscle-bounceslists.musclecard.com [mailto:muscle-
>>> bounceslists.musclecard.com] On Behalf Of Sébastien Lorquet
>>> Sent: Friday, July 17, 2009 8:17 AM
>>> To: MUSCLE
>>> Subject: Re: [Muscle] Protecting a PIN with keyed hashing?
>>>
>>> I know it, but you can easily write a class implementing the
>>> org.globalplatform.SecureChannel interface to mimick the card
>manager's
>>> secure channel, and reuse host-side tools that "talk" this protocol
>:)
>>>
>>>
>>> On Fri, Jul 17, 2009 at 3:07 PM, Miller, Timothy J.
><tmillermitre.org>
>>> wrote:
>>>
>>>
>>> As I understand it, the symmetric key secured channel is for card
>>> management (e.g., PIN unblock, applet load, key injection, etc.), not
>>> for normal access.
>>>
>>> -- Tim
>>>
>>>
>>>
>>> >-----Original Message-----
>>> >From: muscle-bounceslists.musclecard.com [mailto:muscle-
>>> >bounceslists.musclecard.com] On Behalf Of Sébastien Lorquet
>>> >Sent: Friday, July 17, 2009 7:56 AM
>>> >To: MUSCLE
>>> >Subject: Re: [Muscle] Protecting a PIN with keyed hashing?
>>> >
>>> >the muscle applet is for global platform javacards right?
>>> >
>>> >Then about the GP secure channel already implemented
>>> >(org.globalplatform.SecureChannel
>>> >org.globalplatform.GPSystem.getSecureChannel() ) in these cards
>>> for
>>> >secure messaging? it provides a mac+tdes encryption. also,
>>> writing a
>>> >software implementation is not difficult, if needed (to use other
>>> keys
>>> >than SD's ones)
>>> >
>>> >sebastien
>>> >
>>> >ps: the muscle applet also support strong authentication with a
>>> >challenge/response exchange. A 128 bits TDES key can be seen as a
>>> 16-
>>> >character PIN, that can be right padded with zeroes or other if
>>> needed.
>>> >what do you think of this?
>>>
>>>
>>>
>>> _______________________________________________
>>> Muscle mailing list
>>> Musclelists.musclecard.com
>>> http://lists.drizzle.com/mailman/listinfo/muscle
>>>
>>>
>>>
>>
>>
_______________________________________________
Muscle mailing list
Musclelists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
- application/x-pkcs7-signature attachment: smime.p7s
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]