[Muscle] Protecting a PIN with keyed hashing?

Miller, Timothy J. tmiller at mitre.org
Fri Jul 17 06:32:31 PDT 2009 

I presume such a scheme would apply a KDF of some kind to the PIN or PIN + nonce (e.g., PBKDF2 from PKCS#5) in order to derive the symmetric key for this secure channel.  This is still subject to simple offline attack because PINs don't have enough entropy on their own, and the nonce would still have to be shared over the insecure channel.  I'd also worry about speed of the KDF on the card, but that's probably minor.

Maybe SRP would be a better solution.

-- Tim


>-----Original Message-----
>From: muscle-bounces at lists.musclecard.com [mailto:muscle-
>bounces at lists.musclecard.com] On Behalf Of Sébastien Lorquet
>Sent: Friday, July 17, 2009 8:17 AM
>To: MUSCLE
>Subject: Re: [Muscle] Protecting a PIN with keyed hashing?
>
>I know it, but you can easily write a class implementing the
>org.globalplatform.SecureChannel interface to mimick the card manager's
>secure channel, and reuse host-side tools that "talk" this protocol :)
>
>
>On Fri, Jul 17, 2009 at 3:07 PM, Miller, Timothy J. <tmiller at mitre.org>
>wrote:
>
>
>	As I understand it, the symmetric key secured channel is for card
>management (e.g., PIN unblock, applet load, key injection, etc.), not
>for normal access.
>
>	-- Tim
>
>
>
>	>-----Original Message-----
>	>From: muscle-bounces at lists.musclecard.com [mailto:muscle-
>	>bounces at lists.musclecard.com] On Behalf Of Sébastien Lorquet
>	>Sent: Friday, July 17, 2009 7:56 AM
>	>To: MUSCLE
>	>Subject: Re: [Muscle] Protecting a PIN with keyed hashing?
>	>
>	>the muscle applet is for global platform javacards right?
>	>
>	>Then about the GP secure channel already implemented
>	>(org.globalplatform.SecureChannel
>	>org.globalplatform.GPSystem.getSecureChannel() ) in these cards
>for
>	>secure messaging? it provides a mac+tdes encryption. also,
>writing a
>	>software implementation is not difficult, if needed (to use other
>keys
>	>than SD's ones)
>	>
>	>sebastien
>	>
>	>ps: the muscle applet also support strong authentication with a
>	>challenge/response exchange. A 128 bits TDES key can be seen as a
>16-
>	>character PIN, that can be right padded with zeroes or other if
>needed.
>	>what do you think of this?
>
>
>
>	_______________________________________________
>	Muscle mailing list
>	Muscle at lists.musclecard.com
>	http://lists.drizzle.com/mailman/listinfo/muscle
>
>
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3510 bytes
Desc: not available
Url : http://lists.drizzle.com/pipermail/muscle/attachments/20090717/c006b35c/smime.bin

More information about the Muscle mailing list