OTP (One-Time Pad Generator Program) and MD5 signature - Security

This is a discussion on OTP (One-Time Pad Generator Program) and MD5 signature - Security ; OTP at http://www.fourmilab.ch/onetim*e/otpgen.html enables the user to generate one-time pads or password lists in a variety of formats. The question is about MD5 signature of the generated keys. For instance, a sender has generated keys and their MD5 signatures, encrypted ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: OTP (One-Time Pad Generator Program) and MD5 signature

  1. OTP (One-Time Pad Generator Program) and MD5 signature

    OTP at http://www.fourmilab.ch/onetim*e/otpgen.html
    enables the user to generate one-time pads or password lists in a variety of formats.

    The question is about MD5 signature of the generated keys.

    For instance, a sender has generated keys and their MD5 signatures, encrypted (with using one of the generated keys) some message
    and sent the encrypted message, the keys and MD5 signatures to a recipient.
    To decrypt the encrypted message the recipient needs the key itself, not its MD5 signature.
    How is MD5 signature used in this data transmission process?
    Who and how does verify keys with using MD5 signatures? Sender? Not recipients?

    --
    Alex Vinokur
    email: alex DOT vinokur AT gmail DOT com
    http://mathforum.org/library/v*iew/10978.html
    http://sourceforge.net/users/a*lexvn



  2. Re: OTP (One-Time Pad Generator Program) and MD5 signature

    + "Alex Vinokur" :

    | OTP at http://www.fourmilab.ch/onetime/otpgen.html

    (I deleted a soft hyphen that had snuck into the URL.)

    | enables the user to generate one-time pads

    No. They make the claim, and say

    Spies are furnished "one-time pads" containing pages of keys used to
    encrypt individual characters of secret messages, then discarded. As
    long as the physical security of the two copies of a one-time pad is
    assured and the keys on the pad are sufficiently random, security is
    absolute.

    This is true only if the one-time pads are truly random. The program
    on this page creates pseudo-random "one-time pads", and for this case,
    the proof of security breaks down. From the description offered on
    the web page I would venture a guess that their "one-time pads" are
    not cryptographically very secure.

    | or password lists in a variety of formats.
    |
    | The question is about MD5 signature of the generated keys.
    | [...]
    | Who and how does verify keys with using MD5 signatures?

    The way I read this, the MD5 signature has nothing to do with the
    encryption of message, but are only intended for one-time password
    applications. The idea is this: The program creates a sequence of
    passwords together with their MD5 hashes. You keep the password, the
    computer keeps the hashes. Now, when you wish to log in, or use some
    password protected service on the computer, you pick the next password
    from the list and send it (in the clear) to the computer, which
    compares it with the next hash on its list. If they match, you're
    in. If not, tough luck. The computer is of course supposed to keep
    track so the same password won't work twice, hence keeping
    eavesdroppers from using the password.

    One-time passwords can be useful, but they don't protect against
    man-in-the-middle attacks. Also, to make it harder to apply a
    dictionary attack against the password hash file (if the attacker can
    get a copy of it), salts should have been used, in the same way they
    are used in Unix passwd files.

    --
    * Harald Hanche-Olsen
    - Debating gives most of us much more psychological satisfaction
    than thinking does: but it deprives us of whatever chance there is
    of getting closer to the truth. -- C.P. Snow


  3. Re: OTP (One-Time Pad Generator Program) and MD5 signature


    "Harald Hanche-Olsen" wrote in message newscozmvx3vip.fsf@shuttle.math.ntnu.no...
    > + "Alex Vinokur" :
    >
    > | OTP at http://www.fourmilab.ch/onetime/otpgen.html
    >
    > (I deleted a soft hyphen that had snuck into the URL.)

    [snip]
    >
    > The way I read this, the MD5 signature has nothing to do with the
    > encryption of message, but are only intended for one-time password
    > applications. The idea is this: The program creates a sequence of
    > passwords together with their MD5 hashes.


    For instance,
    1) Current session key and its MD5 signature: gtweuzpy 04AE0013DFAC7807A4846425AAE03D48
    2) Next session key and its MD5 signature: choginzx 5C35E01460B99DCFD633C452DDA3D88F

    > You keep the password, the
    > computer keeps the hashes. Now, when you wish to log in, or use some
    > password protected service on the computer, you pick the next password
    > from the list and send it (in the clear) to the computer, which
    > compares it with the next hash on its list.


    The recipient picks key 'choginzx'.

    > If they match, you're in.


    The computer searchs 'choginzx' in the list and checks its MD5 signature.
    Is MD5 signature used here?

    > If not, tough luck. The computer is of course supposed to keep
    > track so the same password won't work twice, hence keeping
    > eavesdroppers from using the password.

    [snip]

    --
    Alex Vinokur
    email: alex DOT vinokur AT gmail DOT com
    http://mathforum.org/library/view/10978.html
    http://sourceforge.net/users/alexvn





  4. Re: OTP (One-Time Pad Generator Program) and MD5 signature

    + "Alex Vinokur" :

    | "Harald Hanche-Olsen" wrote in message newscozmvx3vip.fsf@shuttle.math.ntnu.no...
    | > The idea is this: The program creates a sequence of
    | > passwords together with their MD5 hashes.
    |
    | For instance,
    | 1) Current session key and its MD5 signature: gtweuzpy 04AE0013DFAC7807A4846425AAE03D48
    | 2) Next session key and its MD5 signature: choginzx 5C35E01460B99DCFD633C452DDA3D88F
    |
    | > You keep the password, the
    | > computer keeps the hashes. Now, when you wish to log in, or use some
    | > password protected service on the computer, you pick the next password
    | > from the list and send it (in the clear) to the computer, which
    | > compares it with the next hash on its list.
    |
    | The recipient picks key 'choginzx'.
    |
    | > If they match, you're in.
    |
    | The computer searchs 'choginzx' in the list and checks its MD5 signature.
    | Is MD5 signature used here?

    Almost: You send 'choginzx', the server computes the MD5 signature,
    and checks it against the next MD5 signature in its file. If they
    match, it lets you in. It also marks that signature as having been
    used, so it cannot be used again to gain access.

    (I'm confused by your use of the word recipient, though: This is for
    access control, not for sending and receiving encrypted messages.)

    --
    * Harald Hanche-Olsen
    - Debating gives most of us much more psychological satisfaction
    than thinking does: but it deprives us of whatever chance there is
    of getting closer to the truth. -- C.P. Snow

  5. Re: OTP (One-Time Pad Generator Program) and MD5 signature

    Harald Hanche-Olsen writes:
    > Almost: You send 'choginzx', the server computes the MD5 signature,
    > and checks it against the next MD5 signature in its file. If they
    > match, it lets you in. It also marks that signature as having been
    > used, so it cannot be used again to gain access.
    >
    > (I'm confused by your use of the word recipient, though: This is for
    > access control, not for sending and receiving encrypted messages.)


    misc. discussions of one-time-password & associated internet standard
    http://www.garlic.com/~lynn/2003m.html#50 public key vs passwd authentication?
    http://www.garlic.com/~lynn/2003n.html#0 public key vs passwd authentication?
    http://www.garlic.com/~lynn/2003n.html#1 public key vs passwd authentication?
    http://www.garlic.com/~lynn/2003n.html#2 public key vs passwd authentication?
    http://www.garlic.com/~lynn/2003n.html#3 public key vs passwd authentication?

    --
    Anne & Lynn Wheeler | http://www.garlic.com/~lynn/

+ Reply to Thread