Comments on P1363.2 D25 - PowerPoint PPT Presentation

1 / 8
About This Presentation
Title:

Comments on P1363.2 D25

Description:

Master key is derived from the PKRS-1 retrieved key and an additional component ... which prevents each Server from fooling the Client without first correctly ... – PowerPoint PPT presentation

Number of Views:11
Avg rating:3.0/5.0
Slides: 9
Provided by: rebeccaj152
Category:
Tags: comments | d25 | fooling | p1363

less

Transcript and Presenter's Notes

Title: Comments on P1363.2 D25


1
Comments on P1363.2 D25
  • August 24, 2006

2
Kaliski/1 (technical)
  • D.5.5.3.4.1 B15 also describes a multi-server
    scheme that obtains a retrieved key using just
    one PKRS-1 server, plus another non-PKRS-1
    server.
  • Master key is derived from the PKRS-1 retrieved
    key and an additional component from the
    non-PKRS-1 server.

3
Kaliski/1 (technical)
  • Proposal to insert 3rd sentence
  • Alternatively, the master key could be derived
    from a single PKRS-1 retrieved key and a
    component stored on another (non-PKRS-1) server,
    where the Client must demonstrate knowledge of
    the retrieved key to the second server in order
    to obtain the component. This variant protects
    the password against compromise of the PKRS-1
    server.

4
Kaliski/2 (technical)
  • D.5.5.3.4.2 paragraph 4, bullet 1
  • Does the Server know oKCF Hash(Z?)?
  • If so, server can determine password with offline
    dictionary attack. Master key Z depends only on
    password ? and the server's private key u, so
    oKCF can likewise be calculated as a function of
    only those values. Since the server knows u
    already, if the server also knows oKCF, then ?
    can be exhaustively searched.
  • The approach involving an ordinary server (above)
    blocks this attack

5
Kaliski/2 (technical)
  • Editors notes
  • Agree with this concern.
  • The first bullet item does not exactly correspond
    to either of the cited references.
  • Although it was intended to correspond to a
    proposal in B21, the differences introduce this
    concern.
  • Propose replacing the first bullet item with the
    following text to match the cited B21 reference
    and resolve this concern

6
Kaliski/2 (technical)
  • Editors proposed change, from
  • ? using oKCF Hash(Z ?), which prevents the
    Server from fooling the Client without first
    correctly guessing the password, or
  • to
  • ? using oKCF Hash(Hash(Z1Z2 Zn) ?),
    where the Zi values are derived using PKRS-1 with
    n distinct Servers, which prevents each Server
    from fooling the Client without first correctly
    guessing the password, or

7
Kaliski/3,4,5 (editorial)
  • 8.2.1 KRBP-1 Should "party" be changed to
    "Client" to match KRPP-1 and KRUP-1?
  • 10.2 paragraph 1, line 4 "computes" --gt
    "compute"
  • 10.2.1 paragraph 1 "Client and Server parties"
    --gt "Client and Server"
  • Editors Notes
  • Agree with these changes.

8
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Comments on P1363.2 D25" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!