From: "Tyler Durden" <camera_lumina@hotmail.com>
I'd like to be able digitally "shake hands" using a Palm Pilot. Is this possible?
Is this possible within the memory constraints of a Palm device? What about with a booster pack of memory? If not, is some sort of "Public Key Masking" possible so that a 'less secure' handshake is possible using a subset of
I think you mean public key based authentication. the
public key?
I doubt memory is likely to be an issue with this since decade old DOS handhelds ran PGP 2.x fine and if you google for "palm pilot crypto" you will find 2000 vintage ports of OpenPGP and OpenSSL. The Palms do have fairly slow processors so checking keys may take a while and generating them probably quite a long time. More modern PDAs such as the Zaurus or iPaq have processors which are an order of magnitude faster and run linux so PGP (or GPG or whatever) should work. Also the new generation of mobiles which run Java are probably the future once the standards settle down and the phones become more reliable. I can see little point in trying to use shorter keys which would be a very broken solution to a probably non-existent problem. People should be using longer keys rather than shorter ones, since most of the news about short key lengths isn't good (google "DJB RSA").
And for extra credit, when might the chipsets be available for incorporating this functionality into, say, a wristwatch so that the protocol runs automatically (giving you a beep, for instance, only if there's a mismatch)?
It's more a software issue than a hardware issue. It's not much of a software problem since RSA can be written in a few lines of code. If you have a high level language running on (or compiler) for the hardware then you can easily port open source crypto. This is probably a safer solution from a security aspect than relying on potentially backdoored or legally restricted chipsets. Suitable hardware has been available for 10 years or longer with a lot of publicity for the Java ring and iButtons about 5 years back.
(This I'm sure the feds must already have.)
It's possible the US Govt. uses iButtoms but I would very much doubt it's used much in production. State agencies tend to be *very* conservative with authentication and rely on physical identity cards, individually issued (and revocable) PIN numbers and the like. They are run by grey men rather than techno-fetishist computer geeks. -- 1024/D9C69DF9 Steve Mynott <steve@tightrope.demon.co.uk>