Re: Chalace - Challenge/Response password authentication

Paul Robinson (PAUL@tdr.com)
Thu, 26 May 1994 13:53:25 -0400 (EDT)

From: Paul Robinson <PAUL@TDR.COM>
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA
-----
Julian Assange <proff@suburbia.apana.org.au> wrote to bugtraq list
<bugtraq@crimelab.com> as follows:

>Forwarded message:
> 
> > 
> > Or you could just use encrypted telnet or my challenge response
> >system "Chalace".

> Below is the only documentation available:

> Chalace is a challenge-response system based on shared non-disclosed
> secrets. Chalace key authentication and exchange is not vulnerable
> to eavesdropping, tapping, packet-sniffing and the like, as the
> secret is never sent as plain text through any communications channel.
> The Chalace secret exchange for Bob and Alice would look something
> like this:

>	<-number sent to Bob<-
>
>	->Secure hash->	
>
> Example: (client's perspective)
>
>    Enter challenge: visit defile Suelette
>    Responce = urban curve angel
>
> Implementation:
>
>	A 32-bit random number is generated by doing an iterative
>	md5 secure hash of a large number of time and system
>	stats.
>
>	All information is represented by three words from a table of
>	2048. For non-automated key exchange this makes the information
>	considerably easier to remember than other commercial systems
>	that use an 8-digit number.
>
>	The 128-bit secure hash of secret and random number is broken
>	down into 32 bits then wordified for the response.
>

> Vulnerabilities:
>
>	Though secret space is very large, effective keyspace is only
>	2^32. Assuming that n of Bob's logins were intercepted, a
>	challenge/response relational pair table could be constructed
>	so that at each challenge, an attacker would have a 2^32/n
>	chance of being able to find the correct response. e.g. if
>	n=1000, the chance per challenge that the attacker can beat
>	the system is 1/4,294,967. This could be considered a
>	problem if the implementation allows many invalid responses,
>	and can process them quickly. If paranoia-level security
>	is desired, then just perform a double challenge, which
>	brings the keyspace up to 2^64.

>	Regards,
>		proff@suburbia.apana.org.au.

Gee, this sounds like Phil Karn's S/Key system only without changing the 
keys.  If it is really something different, a combination of both would 
be very interesting.

S/Key seems to be almost identical with this system, including the list 
of words, the use of a nondisclosed shared secret, and so on.  The only 
difference being that S/Key generates the challenge on a "one time pad" 
e.g. the next time you log in it's a different computation because the 
count isn't the same.  

Perhaps someone here could let me know if I'm correct in my analysis.
I don't see any significant advantage to his method except not having 
to regenerate the password every 100 logins or whatever number you set
the S/Key count to be.  You still have to look up the code in a table or 
use a program to do so.

---
Paul Robinson - Paul@TDR.COM
Voted "Largest Polluter of the (IETF) list" by Randy Bush <randy@psg.com>
-----
The following Automatic Fortune Cookie was selected only for this message:

An American's a person who isn't afraid to criticize the President but
is always polite to traffic cops.
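
The two designs compared in this thread, sketched side by side as an added example (not code from either poster, from Chalace or from S/Key): a fixed-secret challenge/response in the shape the quoted description gives, and an S/Key-style hash chain whose count drops at each login. The word table, the XOR fold to 32 bits, the use of MD5 for the chain and every function and class name are assumptions.

```python
import hashlib
import struct

# Constructed stand-in for the 2048-word table; the real list is not on the page.
WORDS = [f"w{i:04d}" for i in range(2048)]

def wordify(value32):
    """Encode a 32-bit value as three words (3 x 11 bits, top bit unused)."""
    return " ".join(WORDS[(value32 >> s) & 0x7FF] for s in (22, 11, 0))

def unwordify(text):
    a, b, c = (WORDS.index(w) for w in text.split())
    return (a << 22) | (b << 11) | c

def chalace_response(secret, challenge32):
    """MD5(secret || challenge) folded to 32 bits by XOR (fold is an assumption)."""
    digest = hashlib.md5(secret + struct.pack(">I", challenge32)).digest()
    a, b, c, d = struct.unpack(">4I", digest)
    return wordify(a ^ b ^ c ^ d)

def skey_chain(secret, seed, count):
    """Hash seed+secret once, then `count` more times (simplified S/Key chain)."""
    value = hashlib.md5(seed + secret).digest()
    for _ in range(count):
        value = hashlib.md5(value).digest()
    return value

class SKeyServer:
    """Keeps only the last accepted one-time password, never the secret."""
    def __init__(self, secret, seed, count):
        self.seed, self.count = seed, count
        self.stored = skey_chain(secret, seed, count)

    def challenge(self):
        return self.seed, self.count - 1

    def verify(self, otp):
        # A valid reply hashes forward to the stored value; then it replaces it.
        if self.count <= 0 or hashlib.md5(otp).digest() != self.stored:
            return False
        self.stored, self.count = otp, self.count - 1
        return True

if __name__ == "__main__":
    # Fixed secret: a repeated challenge always yields the same response.
    print(chalace_response(b"shared secret", 12345))
    server = SKeyServer(b"shared secret", b"seed1", 3)
    seed, n = server.challenge()
    otp = skey_chain(b"shared secret", seed, n)
    print(server.verify(otp), server.verify(otp))  # accepted once, replay refused
```

Once the count reaches zero the server refuses every reply, which is the point at which the chain has to be regenerated.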