Increasing Public Key Crypto Security with Handhelds

Brian Warner warner at lothar.com
Tue Nov 30 01:16:40 CET 1999


pgut001 at cs.auckland.ac.nz (Peter Gutmann) writes:
...
> - What's a "partial display of the decrypted document"? What if it's
>   non-ASCII text? What sort of display is meaningful?
> - What's a "document summary"? How do you generate it? How do you tie it to
>   the document? What data formats are used to encode it? How is its validity
>   checked?
> 
> Whoever can solve those problems, in something selling for less than about
> $50, probably stands to make a lot of money.

Would it be enough to show a short hash on both ends, and let the user make
sure they match? The concern would be that someone else (logged into the same
system) snags the serial port and sends in a signature request just about the
same time as the user makes their own attempt. Wouldn't even require root on a
lot of systems. For signatures, you'd be sending the document's hash anyway,
just display N bits of it on both ends. For decryption, show some of the
(encrypted) session key. In my mind, this is the big advantage of using a
Pilot instead of an iButton: out of band verification/authorization (no UI on
the button).

Is there any room in the OpenPGP protocol to add some discretionary random
bits before the signature algorithm is run? An IV or something? I'm thinking
it would be nice to have a simple way of preventing an attacker from forcing a
degenerate signature that would reveal the secret key.

 -Brian
   warner at lothar.com
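The short-code check Brian sketches, as an added Python simulation that is not part of the original post: the host and the handheld each show the leading N bits of the document hash, and the handheld signs only the pending request whose code the user confirms, so a request slipped onto the serial port by another login shows a different code and stays unsigned. The Handheld class, the queue standing in for the serial port, the HMAC standing in for the real signature, and N = 32 are all assumptions of the demo; expected_forgery_work gives the work an attacker needs to match one specific displayed code, which is what sizes N.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional, Tuple

CODE_BITS = 32  # N: how many bits of the hash both screens show (assumption for the demo)

def short_code(digest: bytes, bits: int = CODE_BITS) -> str:
    """Leading `bits` bits of a digest as hex, small enough for a Pilot screen."""
    return digest[:(bits + 7) // 8].hex()[:(bits + 3) // 4]

@dataclass
class SignRequest:
    origin: str      # who wrote to the serial port; for the simulation only
    doc_hash: bytes  # the host sends the document hash anyway when asking for a signature

class Handheld:
    """Stand-in for the Pilot: holds the key, shows a code, signs only what the user confirms."""
    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        self.pending: List[SignRequest] = []
    def receive(self, req: SignRequest) -> str:
        self.pending.append(req)
        return short_code(req.doc_hash)  # what the handheld displays for this request
    def confirm(self, code_seen_on_host: str) -> Optional[bytes]:
        """The user enters the code the host shows; only a request with the same code is signed."""
        for req in list(self.pending):
            if hmac.compare_digest(short_code(req.doc_hash), code_seen_on_host):
                self.pending.remove(req)
                # HMAC stands in for the real public-key signature (assumption: simulation only)
                return hmac.new(self._secret, req.doc_hash, hashlib.sha256).digest()
        return None  # nothing matched, so nothing was signed

def host_request(doc: bytes) -> Tuple[SignRequest, str]:
    """Host side: hash the document and show the same N bits the handheld will show."""
    h = hashlib.sha256(doc).digest()
    return SignRequest("user", h), short_code(h)

def expected_forgery_work(bits: int = CODE_BITS) -> int:
    """Average trials to craft a document whose code equals one specific displayed code."""
    return 2 ** bits

def demo() -> Tuple[bool, int]:
    """Returns (was the user's own document signed?, requests left unsigned on the handheld)."""
    device = Handheld(b"constructed demo key, not a real secret")
    user_req, host_code = host_request(b"constructed sample: pay 10 to Alice")
    other = SignRequest("other-login", hashlib.sha256(b"constructed sample: pay 10000 to Mallory").digest())
    device.receive(other)  # another login's request reaches the serial port first
    assert device.receive(user_req) == host_code  # both ends show the same N bits
    return device.confirm(host_code) is not None, len(device.pending)
```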
