Cryptography Reference
In-Depth Information
pertaining session key - IV pair. With these data and a couple of tricks, she
calls Carol pretending to be Bob (since she uses Bob's LEAF) and tells her in
Bob's voice about the most recent criminal activities that are pure imagination.
You can read the details of this and other attacks in [Frankcl]. These possible
compromises are another reason why the unit ID must not be recognized as
authentication.
Bottom Line
The EES protocol has many weaknesses. It is not just a matter of the fraud-
ulent maneuvers described above; the protocol does not supply any additional
evidence. This is unfortunate, because cryptology could be very helpful. Fur-
thermore, the protocol often causes the keys of uninvolved people who happen
to call a wiretapped criminal to be revealed.
You saw how problematic key escrow can be from the cryptological perspective,
let alone legal and political issues. The serious doubts about the use of Clipper
and Capstone are of both a subjective and technical nature. You now have
a rough idea of the dreadful consequences cryptologically weak hardware or
software used in masses can have. This is important in Europe, too, even though
there is logically not much interest in buying EES devices.
6.5 One-Time Passwords
You can lean back in the next three sections for they are easier than the previous
ones.
The protocols described in this section are intended to allow Alice to identify
herself unambiguously by use of a password, though Mallory is back to his
old habits. This is not a negligible threat, for example, when Alice logs into a
UNIX computer over the Internet. Though the password mechanism in modern
UNIX computers is cryptologically secure, the best password won't do much
good when it runs across the data line in the clear as you log in.
6.5.1 The Trick with One-Way Hash Functions
Key exchange using asymmetric cryptography is out of the question for the
problem mentioned above, because Alice will probably have no computing
capacity at her disposal yet before logging on.
