Cryptography Reference
key algorithms can still be useful here because the receiver's key
cannot be used to generate the signatures themselves.
Mihir Bellare and Alexandra Boldyreva take this one step further with
all or nothing transforms that provide more efficiency.[BB00a]
At the time Rivest's article was written, the U.S. government
restricted the export of algorithms designated as “cryptography”
while placing no limitations on those used for “authentication”.
Hash function-based message authentication codes were typically
assumed to offer no secrecy and thus were freely exportable. Rivest
suggested that his solution pointed to a loophole that weakened the
law.
The security of this solution depends to a large extent on the
structure of x and the underlying data. If x contains enough
information to be interesting in and of itself, the attacker may be
able to pick out the wheat from the chaff without worrying about
f or k.
One solution is to break the file into individual bits. This
mechanism is a bit weak, however, because there will be only two valid
signatures: f(k0) and f(k1). Rivest overcomes this problem by adding
a counter or nonce to the mix so that each packet looks like this:
(x_i, i, f(k i x_i)). This mechanism is not that efficient because each
bit may require an 80-200-bit-long packet to carry it.
This solution can easily be mixed with the other techniques that
define the order. One function, f, can identify the true elements
of the message and another function, g, can identify the canonical
order for the elements so the information can be extracted.
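The bit-level packets (x_i, i, f(k i x_i)) described above can be sketched as follows. This is an added example, not code from the book or from Rivest's article; it assumes HMAC-SHA256 truncated to 16 bytes for f, a 4-byte counter, and random bytes as the chaff tag, and it lets the counter i restore the order after shuffling.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 16  # bytes kept from the MAC; an assumption of this example

def f(key, i, bit):
    """f(k i x_i): MAC over the counter and the bit, keyed with k."""
    msg = i.to_bytes(4, "big") + bytes([bit])
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]

def to_bits(data):
    return [(byte >> s) & 1 for byte in data for s in range(7, -1, -1)]

def from_bits(bits):
    out = bytearray()
    for start in range(0, len(bits), 8):
        value = 0
        for b in bits[start:start + 8]:
            value = (value << 1) | b
        out.append(value)
    return bytes(out)

def chaff(key, message):
    """Sender: one wheat and one chaff packet per bit, in random order."""
    packets = []
    for i, bit in enumerate(to_bits(message)):
        packets.append((bit, i, f(key, i, bit)))                     # wheat
        packets.append((bit ^ 1, i, secrets.token_bytes(TAG_LEN)))   # chaff
    secrets.SystemRandom().shuffle(packets)
    return packets

def winnow(key, packets):
    """Receiver: keep packets whose tag verifies, then order them by i."""
    wheat = {}
    for bit, i, tag in packets:
        if hmac.compare_digest(tag, f(key, i, bit)):
            wheat[i] = bit
    return from_bits([wheat[i] for i in sorted(wheat)])

if __name__ == "__main__":
    key = secrets.token_bytes(32)   # constructed sample key
    stream = chaff(key, b"wheat")   # constructed sample message
    print(len(stream), winnow(key, stream))
```

With these assumed sizes, a one-bit payload, a 32-bit counter and a 128-bit tag come to 161 bits per packet, within the 80-200-bit range the text gives.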
13.10 Port Knocking
When bits travel across the Internet, they carry two major pieces of
information that act as the address: the IP address and the port. The
IP address has traditionally been four bytes written as four base 10
numbers separated by periods (e.g. 55.123.33.252), an old format
that is gradually being eclipsed by IPv6, a newer version with longer
addresses to solve the problems of overcrowding. The IP address
generally makes a clear distinction between machines, while the port
generally makes a distinction between functions.
So information sent to a different IP address will generally go to
a different machine, although this is often confused by the way that
some machines, especially servers, will do the work of multiple
machines. Information sent to different ports will generally end up in
the control of different software packages that will interpret it
differently. Telnet generally uses port 25, while webservers generally
answer requests on port 80. There are dozens of standard and not so
standard choices that computers generally follow but don't have to