On Fri, 8 Aug 2003, Brian Candler wrote:

> On Fri, Aug 08, 2003 at 06:36:59PM +0900, Hugh Sasse Staff Elec Eng wrote:
> > > Otherwise you go to a different system altogether - such as public key
> > > authentication.
> >
> > OK, I should look into that further, but isn't that subject to
> > similar attacks: not dictionary, but the parallel computer based
> > ones, like DES cracking challenges people set up. Reply off list if
> > you wish, this could bore the legs of some readers and is getting
> > less Ruby specific! :-)
>
> I guess you're right. Bruce Schneier's "Applied Cryptography" is a highly
> recommended read.
>
> > > Right, so you're saying that you calculate the hash over the payload *and*
> > > the nonce:
> > >
> > >     [ payload ] [nonce] [hash]
> > >     ^^^^^^^^^^^^^^^^^^^
> > >     ^ Hash of (payload + nonce + secret)
> >
> > Yes....
> >
> > > But once you've done that, you don't need the nonce in the first place,
> > > which is the point I was trying to make before.
> >
> > The nonce gives timeout information, and prevents others injecting
> > data into the system. Even if they can forge something convincing
> > they need the right nonce to be able to do it NOW.
>
> Then it is not a nonce. A nonce would be a random meaningless string - which
> could of course include the current date/time as part of ensuring it is not

That's what it is...

> repeated. But if you are *extracting* the date/time out of that string and

And that is what I am not doing. The end that served the nonce 'knows'
when to expire it.

> using it to decide whether you will accept the packet or not, then it's a
> timestamp.

OK, I see what you mean. I think the Concise Oxford Dictionary definition
would still encompass that, but I won't press the point! :-)

> [...]
> > But can't sequential numbers be forged easily?
>
> You can't forge anything which is under the protection of the signature
> (i.e. included as part of the hash in the shared-secret algorithm we're
> discussing), because to do so you would need to know the secret.

Good point. Well, I'll stick with the nonces for now, I need them for
initial setup, and code re-use is good.

> Regards,
>
> Brian.

Thank you for your input on this.

Hugh
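The scheme the two of them settle on above, written out as an added Ruby example (this is not code from Hugh or Brian, and the `NonceServer` class and its method names are assumptions made here): the server hands out an opaque random nonce and keeps the expiry time on its own side, so the client never extracts a timestamp from it; the tag covers payload and nonce together; and a nonce is consumed on first successful use, so a replay of a captured packet is rejected. One deliberate change from the thread's `Hash(payload + nonce + secret)` sketch: the tag is HMAC-SHA256 keyed with the shared secret rather than a plain hash over the concatenation, which avoids the length-extension weakness of hashing `secret` into the message directly.

```ruby
require 'openssl'
require 'securerandom'

# Added example, not from the mailing-list thread.
# Server side issues nonces and verifies tags; the client side only needs
# NonceServer.tag and the shared secret.
class NonceServer
  def initialize(secret, ttl: 30)
    @secret = secret
    @ttl    = ttl        # seconds a nonce stays valid after issue
    @issued = {}         # nonce => expiry Time, known only to the server
  end

  # Hand the client a fresh, meaningless random nonce and remember when it dies.
  def issue_nonce(now = Time.now)
    nonce = SecureRandom.hex(16)
    @issued[nonce] = now + @ttl
    nonce
  end

  # Client and server both compute this. The nonce is length-prefixed so that
  # (nonce, payload) pairs cannot be re-split into a different pair with the
  # same tag.
  def self.tag(secret, payload, nonce)
    OpenSSL::HMAC.hexdigest('SHA256', secret, "#{nonce.bytesize}:#{nonce}#{payload}")
  end

  # Returns :ok, :unknown_nonce (never issued, or already used), :expired or :bad_tag.
  def verify(payload, nonce, tag, now = Time.now)
    expiry = @issued[nonce]
    return :unknown_nonce unless expiry
    if now > expiry
      @issued.delete(nonce)
      return :expired
    end
    expected = self.class.tag(@secret, payload, nonce)
    return :bad_tag unless secure_compare(expected, tag)
    @issued.delete(nonce)     # single use: replaying the same packet now fails
    :ok
  end

  private

  # Constant-time comparison so tag checking does not leak via timing.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  secret = 'constructed-shared-secret'   # constructed sample value
  server = NonceServer.new(secret, ttl: 30)
  nonce  = server.issue_nonce
  tag    = NonceServer.tag(secret, 'hello', nonce)
  puts server.verify('hello', nonce, tag)          # :ok
  puts server.verify('hello', nonce, tag)          # :unknown_nonce (replay)
end
```

The interesting cases are the ones Brian raises: a forged packet with a guessed nonce fails as `:unknown_nonce`, a modified payload or a tag made with the wrong secret fails as `:bad_tag`, and a packet presented after the server-side expiry fails as `:expired`, all without the nonce itself carrying any time information.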