At 09:27 AM 8/29/97 -0400, Myron Lewis wrote:
I know that the claims we make for the ASK ToolKit(TM) sound a little too good to be true. ... The ASK ToolKit does not do encryption. It only provides keys on demand for encryption.
And his web page says
you will be able to offer your customers the most secure applications available. And they won't have to endure the pain of dealing with, or spending the money for, key management systems.
The toolkit is fairly straightforward, if the descriptions are accurate. Alice exchanges a secret with Bob somehow, and keeps track of which secret goes with which recipient, i.e. does the key management - either inside the toolkit, making the toolkit somewhat useful, or outside the toolkit, making the toolkit annoying to use. At that point, Alice and Bob both have Secret(Alice,Bob), and a counter N of the number of session keys they've generated. When Alice wants to send Message to Bob, she uses the toolkit to calculate (SessionKey(N), Stuff2) = f(N, Secret(Alice,Bob),Alice,Bob,Stuff1) and sends Bob (N,Stuff1,Stuff2,Alice,Bob) and E(Message,SessionKey(N)). Having not licensed a copy of the toolkit, I don't know whether Stuff1 and Stuff2 are transmitted, non-transmitted, or empty sets, or whether the function f maintains state other than N (if it does, then Stuff1 and Stuff2 are the state variables, with Stuff1(N+1)==Stuff2(N).) Some popular variants on this are f() = Hash(Secret,N) (tends to leak) f() = Hash(N,Secret,N) or Hash(N,Hash(Secret,N)) or Hash(Secret,N,Secret) f() = Hash(SessionKey(N-1)) == Hash**N(Secret) (terrible - leaks badly.) f() = (Hash2(salt,Hash**N(Secret)), salt) (much stronger if Hash2 is good.) Then there's S/Key: f() = Hash**(M-N)(Secret) where M is a big number, typically 100. This works well for passwords, since you can easily verify that Hash**N(f()) = Secret, though it's dangerous for encryption passwords, since cracking one message key cracks all the previous messages. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp # (If this is a mailing list or news, please Cc: me on replies. Thanks.)