[Muscle] Protecting a PIN with keyed hashing?

Miller, Timothy J. tmiller at mitre.org
Fri Jul 17 07:44:35 PDT 2009 

http://srp.stanford.edu/whatisit.html

-- Tim


>-----Original Message-----
>From: Joao Pedro [mailto:countzero at sapo.pt]
>Sent: Friday, July 17, 2009 9:01 AM
>To: MUSCLE; Miller, Timothy J.
>Subject: RE: [Muscle] Protecting a PIN with keyed hashing?
>
>Hi Timothy,
>
>"Miller, Timothy J." <tmiller at mitre.org> wrote:
>
>> I presume such a scheme would apply a KDF of some kind to the PIN or
>> PIN + nonce (e.g., PBKDF2 from PKCS#5) in order to derive the
>> symmetric key for this secure channel.  This is still subject to
>> simple offline attack because PINs don't have enough entropy on
>> their own, and the nonce would still have to be shared over the
>> insecure channel.  I'd also worry about speed of the KDF on the
>> card, but that's probably minor.
>>
>> Maybe SRP would be a better solution.
>Could you please explain, or provide a reference to what SRP is?
>
>Thank you.
>
>Regards,
>Joao
>
>>
>> -- Tim
>>
>>
>>> -----Original Message-----
>>> From: muscle-bounces at lists.musclecard.com [mailto:muscle-
>>> bounces at lists.musclecard.com] On Behalf Of Sébastien Lorquet
>>> Sent: Friday, July 17, 2009 8:17 AM
>>> To: MUSCLE
>>> Subject: Re: [Muscle] Protecting a PIN with keyed hashing?
>>>
>>> I know it, but you can easily write a class implementing the
>>> org.globalplatform.SecureChannel interface to mimick the card
>manager's
>>> secure channel, and reuse host-side tools that "talk" this protocol
>:)
>>>
>>>
>>> On Fri, Jul 17, 2009 at 3:07 PM, Miller, Timothy J.
><tmiller at mitre.org>
>>> wrote:
>>>
>>>
>>> 	As I understand it, the symmetric key secured channel is for card
>>> management (e.g., PIN unblock, applet load, key injection, etc.), not
>>> for normal access.
>>>
>>> 	-- Tim
>>>
>>>
>>>
>>> 	>-----Original Message-----
>>> 	>From: muscle-bounces at lists.musclecard.com [mailto:muscle-
>>> 	>bounces at lists.musclecard.com] On Behalf Of Sébastien Lorquet
>>> 	>Sent: Friday, July 17, 2009 7:56 AM
>>> 	>To: MUSCLE
>>> 	>Subject: Re: [Muscle] Protecting a PIN with keyed hashing?
>>> 	>
>>> 	>the muscle applet is for global platform javacards right?
>>> 	>
>>> 	>Then about the GP secure channel already implemented
>>> 	>(org.globalplatform.SecureChannel
>>> 	>org.globalplatform.GPSystem.getSecureChannel() ) in these cards
>>> for
>>> 	>secure messaging? it provides a mac+tdes encryption. also,
>>> writing a
>>> 	>software implementation is not difficult, if needed (to use other
>>> keys
>>> 	>than SD's ones)
>>> 	>
>>> 	>sebastien
>>> 	>
>>> 	>ps: the muscle applet also support strong authentication with a
>>> 	>challenge/response exchange. A 128 bits TDES key can be seen as a
>>> 16-
>>> 	>character PIN, that can be right padded with zeroes or other if
>>> needed.
>>> 	>what do you think of this?
>>>
>>>
>>>
>>> 	_______________________________________________
>>> 	Muscle mailing list
>>> 	Muscle at lists.musclecard.com
>>> 	http://lists.drizzle.com/mailman/listinfo/muscle
>>>
>>>
>>>
>>
>>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3510 bytes
Desc: not available
Url : http://lists.drizzle.com/pipermail/muscle/attachments/20090717/3380b3aa/smime.bin

More information about the Muscle mailing list