Vin McLellan wrote:
>| Adam's SecurID paper, when presented to a Rutger's network security
>| workshop last year, sparked a rare public comment on ACE cryptography by a
>| big customer, when a senior Bell Labs scientist talked about the
>| Bell/Lucient review of the ACE code (under NDA) and ruefully suggested Adam
>| and his friends save themselves fruitless effort and stop trying to
>| reverse-engineer the code in hopes of finding a fatal flaw in Brainard's
Adam Shostack <adam @
> Actually, what he said was that they protected against the
>obvious attack of using the output of the hash as a way to the card
>secret. I don't suggest that thats a profitable line of attack. The
>same set of Bell Labs scientists also missed the attack I found.
>Which happens. I still have as much respect for the people involved
>as I did before. Open review is a good idea precisely because people
>miss things. Even really, really good people miss things.
With respect, I don't think that is precisely accurate.
What he told the Workshop, by my recall, was that he and others had
reviewed the Brainard hash closely under an NDA and that it (1) was
sufficiently "lossy" (that is, it descarded sufficient material in the hash
process) and (2) "maintained sufficient internal state," so as to make it
impossible -- even for an attacker who (A) had _obtained_ the SecurID hash,
and (B) had access to an output record from that token -- to invert the
one-way function to obtain the token's user-specific seed or secret key.
They did _not_ miss the weakness in the multiple client/server
protocol links that you had spotted in your impressive analysis of the code.
Bell Labs was studying a version of the ACE code which had the fix
that SDTI had inserted in the ACE/Server and ACE/Client code the year
before -- after SDTI Engineering Chief Jim Kotanchik spotted that precise
problem in a routine survey of potential new attacks on the technology.
The problem had been addressed.
Your overall point, however, is well taken. It was a subtle issue,
and a number of very bright people had missed it. That's why I too like
Vin McLellan + The Privacy Guild + <vin @
53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548
-- <@><@> --