From: Paul Robinson <PAUL@TDR.COM>
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA
-----
Julian Assange <proff@suburbia.apana.org.au>, wrote to bugtraq list
<bugtraq@crimelab.com> as follows:

>Forwarded message:
>
> > Or you could just use encrypted telnet or my challenge response
> > system "Chalace".
>
> Below is the only documentation available:
>
> Chalace is a challenge-response system based on shared non-disclosed
> secrets. Chalace key authentication and exchange is not vulnerable
> to eaves-dropping, tapping, packet-sniffing and the like, as the
> secret is never sent as plain text through any communications channel.
>
> The Chalace secret exchange for Bob and Alice would look something
> like this:
>
>       <-number send to bob<-
>
>       ->Secure hash->
>
> Example: (client's perspective)
>
>       Enter challenge: visit defile Suelette
>       Responce = urban curve angel
>
> Implementation:
>
>       A 32bit random number is generated by doing an iterative
>       md5 secure hash of a large number of time and system
>       stats.
>
>       All information is represented by three words from a table of
>       2048. For non-automated key exchange this makes the information
>       considerably easier to remember than other commercial systems
>       that use an 8-digit number.
>
>       The 128bit secure hash of secret and random number is broken
>       down into 32bits then wordified for the response.
>
> Vulnerabilities:
>
>       Though secret space is very large, effective keyspace is only
>       2^32. Assuming that n of Bob's logins were intercepted, a
>       challenge/response relational pair table could be constructed
>       so that at each challenge, an attacker would have a 2^32/n
>       chance of being able to find the correct response. e.g. if
>       n=1000, the chance per challenge that the attacker can beat
>       the system is 1/4,294,967. This could be considered a
>       problem if the implementation allows many invalid responses,
>       and can process them quickly. If paranoia level security
>       is desired, then just perform a double challenge, which
>       brings the keyspace up to 2^64.
>
> Regards,
> proff@suburbia.apana.org.au.

Gee, this sounds like Phil Karn's S/Key system only without changing the
keys. If it is really something different, a combination of both would be
very interesting.

S/Key seems to be almost identical with this system, including the list
of words, the use of a nondisclosed shared secret, and so on. The only
difference being that S/Key generates the challenge on a "one time pad",
e.g. the next time you log in it's a different computation because the
count isn't the same.

Perhaps someone here could let me know if I'm correct in my analysis. I
don't see any significant advantage to his method except not having to
regenerate the password every 100 logins or whatever number you set the
S/Key count to be. You still have to look up the code in a table or use a
program to do so.

---
Paul Robinson - Paul@TDR.COM
Voted "Largest Polluter of the (IETF) list" by Randy Bush <randy@psg.com>
-----
The following Automatic Fortune Cookie was selected only for this message:

An American's a person who isn't afraid to criticize the President
but is always polite to traffic cops.
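The scheme described in the quoted message, as an added Python sketch that is not part of the original thread and is not Chalace's own code: it shows the three-word encoding of a 32-bit value, a verifier that accepts one answer per challenge and locks out after repeated failures (the mitigation the Vulnerabilities paragraph points at), and the recorded-table odds for single and double challenges. Assumptions: the word table is constructed, the hash input is secret followed by the 4-byte number, the 128-bit MD5 is XOR-folded to 32 bits, the OS CSPRNG replaces the time-and-stats generator, and the `Verifier` class and its lockout threshold are hypothetical.

```python
import hashlib
import hmac
import secrets
from fractions import Fraction

# Constructed 2048-entry table (16*4*8*4 syllable pairs); the real word list is not on the page.
WORDS = [a + b + c + d for a in "bdfghjklmnprstvz" for b in "aeio"
         for c in "bdgklmnt" for d in "aeio"]
INDEX = {w: i for i, w in enumerate(WORDS)}

def wordify(value32):
    """Render a 32-bit value as three 11-bit table indices (33 bits of room)."""
    return " ".join(WORDS[(value32 >> s) & 0x7FF] for s in (22, 11, 0))

def unwordify(text):
    a, b, c = (INDEX[w] for w in text.split())
    return (a << 22) | (b << 11) | c

def new_challenge():
    # Assumption: OS CSPRNG stands in for the iterated MD5 of time and system stats.
    return wordify(secrets.randbits(32))

def response(secret: bytes, challenge: str) -> str:
    digest = hashlib.md5(secret + unwordify(challenge).to_bytes(4, "big")).digest()
    # Assumption: the 128-bit hash is reduced to 32 bits by XOR-folding its four words.
    folded = 0
    for i in range(0, 16, 4):
        folded ^= int.from_bytes(digest[i:i + 4], "big")
    return wordify(folded)

class Verifier:
    """Server side (hypothetical): one answer per challenge, lockout after max_failures."""
    def __init__(self, secret, max_failures=3):
        self.secret, self.failures, self.max_failures = secret, 0, max_failures
        self.pending = None

    def issue(self):
        self.pending = new_challenge()
        return self.pending

    def check(self, answer):
        if self.pending is None or self.failures >= self.max_failures:
            return False
        expected, self.pending = response(self.secret, self.pending), None
        ok = hmac.compare_digest(expected.encode(), answer.encode())
        self.failures = 0 if ok else self.failures + 1
        return ok

def table_hit_probability(recorded_pairs, rounds=1):
    """Chance that each of `rounds` fresh challenges is already in a recorded table."""
    return Fraction(recorded_pairs, 2 ** 32) ** rounds
```

With 1000 recorded pairs, `table_hit_probability(1000)` is about 1 in 4,294,967 per challenge, the figure given in the quoted message; `rounds=2` models the double challenge.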