Focus on Microsoft
Announcing TGP - Thor's Godly Privacy Jul 09 2010 06:55PM
Thor (Hammer of God) (thor hammerofgod com) (1 replies)
Re: Announcing TGP - Thor's Godly Privacy Jul 10 2010 05:36PM
Jeffrey Walton (noloader gmail com) (1 replies)
RE: Announcing TGP - Thor's Godly Privacy Jul 10 2010 06:37PM
Thor (Hammer of God) (thor hammerofgod com) (1 replies)
Hey Jeffrey -

>Will you be leasing source so the implementation can be verified? I'm
>interested in the security levels of the components, and it's hard to gather
>from the sales literature. I don't believe it was listed at
>http://www.hammerofgod.com/tgp.html. More from that page....

First off, no, I'm not leasing or selling any code. It's all free. As such, it's not "sales literature," but just an info page.

That being said, I should go ahead and put up something about the implementation. It is all standard MSFT .NET cryptographic libraries, using RSA and AES cryptographic libraries.

Others in line:

>> Key DropBox
>>
>> If you get someone's private key off the internet or via email,
>> you can just cut and paste it into the Key Dropbox field and
>> hit "Create" to validate the data and create a new XML public key
>> file.
>Hmmm.... someone else's private key? Perhaps you will take the liberty of
>signing for someone else, which seems to nullify non-repudiation.
>If you're looking to read someone else's confidential data, perhaps you should
>use Shamir's Secret Sharing scheme. Then, all interested parties can access the
>data.

Totally. That should be "public key." I just changed it on the site. I must have still been on the "posting your encrypted private key fob" bit (which is an interesting bit by itself). The drop-box function is only for public keys. I really only made that because I found the first thing you do with the key-fob XML file is to open it in IE, which automatically expands XML for you, thus putting in the little "-" sign in front of elements. I wanted to be able to still copy and paste even from IE. The feature itself is actually not all that valuable otherwise. I am, however, adding the same functionality to decrypting data - just drop it in and decrypt. At that point it will be a more valuable function.

>> ... the Dropbox parsing function actually validates the data, checks
>> the hash, and creates a new file for you.
>One cannot make any integrity or authenticity claims when using an unkeyed
>hash. If you can calculate the hash, so can the bad guy.
>Perhaps you should use a MAC such as HMAC (HMAC is a keyed hash). Then
>you can make an integrity/authenticity claim.

You don't need a keyed hash for integrity, only authenticity. That's the hash of the key. If you change the key, the hash won't match. If you change the hash, it won't match the key. That's an integrity check. Using an HMAC presumes one knows the "secret key" you hash with in order to validate what is being called "authenticity." Without it, it is of no value. A keyed hash is only going to be valid to prove authenticity if you use an additional element of PKI where the issuer's signature can be validated or some other method to share the "private key" used to hash the key.

Self-generated public keys can't be authenticated in any meaningful way other than validation between 2 parties. If you are worried about the "bad guy" changing the key and the hash then he'll just change the signature as well. Actually, he won't have to change anything - he'll just generate his own and replace it. That's why you have the hash and the key - to validate integrity. If you don't trust where the key came from, you can validate it offline before you use it to encrypt for the recipient. That's how the whole self-generated key scheme works, and which is why I built PKI support for x509 into v1.2 - for those in a position where they cannot trust where the key came from, and where they cannot validate the key in a separate transaction. That being said, when we have to worry about SHA256 collisions to the point that you can create 2 different valid public RSA keys that have the same hash, I'll probably just move to SHA512 instead of trying to fix an authentication issue that really can't be fixed with self-generated keys. At some point, you've got to just say, "here's the key." If I use a key to validate another key, then I'd have to use another key to validate the key I used to validate the first key. That's the inherent issue with self-generation... after a while you start feeling like you are in a roundabout in Mississippi.

t
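
Added example, not part of the original post and not TGP's code: a Python sketch of the three checks discussed in this message, namely an unkeyed SHA-256 stored beside the key, an HMAC under a pre-shared secret, and a fingerprint compared in a separate transaction. The key-file layout, function names, secret and key bytes are constructed assumptions.

```python
import hashlib
import hmac

def make_fob(pubkey: bytes) -> dict:
    """Hypothetical key file: the public key plus an unkeyed SHA-256 of it."""
    return {"key": pubkey, "sha256": hashlib.sha256(pubkey).hexdigest()}

def embedded_hash_ok(fob: dict) -> bool:
    """Integrity only: does the hash shipped in the file match the key bytes?"""
    digest = hashlib.sha256(fob["key"]).hexdigest()
    return hmac.compare_digest(digest, fob["sha256"])

def fingerprint_ok(fob: dict, trusted_fp: str) -> bool:
    """Compare the key against a fingerprint obtained in a separate transaction."""
    digest = hashlib.sha256(fob["key"]).hexdigest()
    return hmac.compare_digest(digest, trusted_fp)

def hmac_tag(secret: bytes, pubkey: bytes) -> str:
    return hmac.new(secret, pubkey, hashlib.sha256).hexdigest()

def hmac_ok(secret: bytes, fob: dict, tag: str) -> bool:
    """Only meaningful if sender and recipient already share `secret`."""
    return hmac.compare_digest(hmac_tag(secret, fob["key"]), tag)

def run_cases() -> dict:
    # Constructed stand-ins for key material and the shared secret.
    alice_key = b"<RSAKeyValue>constructed-alice-public-key</RSAKeyValue>"
    other_key = b"<RSAKeyValue>constructed-substitute-key</RSAKeyValue>"
    secret = b"constructed-pre-shared-secret-0123456789"

    genuine = make_fob(alice_key)
    trusted_fp = genuine["sha256"]          # e.g. read out over the phone
    genuine_tag = hmac_tag(secret, alice_key)

    corrupted = dict(genuine, key=alice_key.replace(b"alice", b"al1ce"))
    substituted = make_fob(other_key)       # key and hash replaced together
    forged_tag = hmac_tag(b"not-the-secret", other_key)

    return {
        "genuine_embedded": embedded_hash_ok(genuine),
        "corrupted_embedded": embedded_hash_ok(corrupted),
        "substituted_embedded": embedded_hash_ok(substituted),
        "substituted_fingerprint": fingerprint_ok(substituted, trusted_fp),
        "substituted_hmac": hmac_ok(secret, substituted, forged_tag),
        "genuine_fingerprint": fingerprint_ok(genuine, trusted_fp),
        "genuine_hmac": hmac_ok(secret, genuine, genuine_tag),
    }

if __name__ == "__main__":
    for name, result in run_cases().items():
        print(f"{name}: {result}")
```

The embedded hash catches the corrupted file but accepts the wholesale replacement; the replacement is rejected only by the checks that depend on something exchanged outside the file.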

Re: Announcing TGP - Thor's Godly Privacy Jul 13 2010 02:40AM
Jeffrey Walton (noloader gmail com) (1 replies)
RE: Announcing TGP - Thor's Godly Privacy Jul 13 2010 05:26AM
Thor (Hammer of God) (thor hammerofgod com) (1 replies)
Re: Announcing TGP - Thor's Godly Privacy Jul 13 2010 11:17PM
Phillip Macey (phillip macey cisra canon com au) (2 replies)
RE: Announcing TGP - Thor's Godly Privacy Jul 16 2010 04:26PM
Wayne Anderson (wfrazee wynweb net)
RE: Announcing TGP - Thor's Godly Privacy Jul 14 2010 12:23AM
Thor (Hammer of God) (thor hammerofgod com)


 

Copyright 2010, SecurityFocus