ASK ToolKit Clarifications
I thought I would write one answer to all instead of getting embroiled in a number of individual engagements. I know that the claims we make for the ASK ToolKit(TM) sound a little too good to be true. In fact, someone I have been talking to for a while about other subjects and who I thought respected my views told me that "If it sounds too good to be true, it probably is-- too good to be true. " But I have been on the same end of other controversial products and in the final analysis was vindicated because the product worked as advertised -- even better. I wouldn't lend my name to a "Snake-Oil" product. I don't need that kind of aggravation -- I'm too old. Let me clarify what the toolkit is and what it isn't. Unfortunately, I cannot talk about those things that are being patented, but maybe in the near future. The ASK ToolKit does not do encryption. It only provides keys on demand for encryption. These keys are synchronized across a communication link without the keys or information about them being given out. The keys are both random and unpredictable -- meaning that you will not be able to deduce what the next key is even if you have any key that was used in the past. The system does not depend on the secrecy of internal algorithms for security. The ASK ToolKit does not "manage keys", it just generates them on demand. The developer can do what he/she wants with them. To me, managing keys means distributing them to the appropriate users (with authorization) or moving them around outside of an application. That never needs to happen in an application using a symmetric system. The ASK ToolKit can be used in a Public-Private system, but that's a waste. We are not blindly implying that applications using the ASK ToolKit are unbreakable. However, the toolkit provides the means for intrusion detection and prevention. We know of no method this simple that does that. The toolkit provides a number of bells and whistles to allow the developer of an appliction using it to do many things like change keys as often as wanted -- even every bit (not practical) or re-synchronize (which is different from re-initializing). It also allows the last session information to either be stored in encrypted form on the machine or removed to a portable medium. The ToolKit does not provide the initial strong authentication needed to start the process off. There are many very good methods for doing this, so why should we bother. These range from formal encrypted methods like Diffie-Hellman to simple things like telephone calls, distributing floppy disks to users, filling out online applications where the other side already has critical information about the user, etc. One thing that these shared secret methods have going for them is that they can occur spontaneously -- random in time. That is one of the best means of security. The use of a shared secret with an application containing the ASK ToolKit is only necessary once for initialization. After the first Master Recovery Key (which can be thrown away immediately), there is no relationship to the shared secret and therefore the shared secret needn't remain secret. Short of real clairvoyance, there is no method of determining to 100% certainty that someone is who they say they are. All methods suffer from this first-time syndrome. It's what comes next that is important. Even that first CA needs to be authenticated. The ToolKit just cuts out the subsequent CA fetching process which for large systems of users who need to communicate often (more than once) can be overwhelming. The claims we make are not so much for the ToolKit itself but for the applications that we envision can be developed given the ingenuity of the developer. We invite everyone who has a genuine interest in possibly using the ToolKit, and who is not just tossing flame about, to contact us with their questions. If you are a responsible consultant or represent a responsible organization and can sign an NDA, then we would be glad to fill in the details. Myron Lewis President KeyGen Corporation The Key to Secure Communications(TM)
Myron Lewis wrote:
I know that the claims we make for the ASK ToolKit(TM) sound a little too good to be true. In fact, someone I have been talking to for a while about other subjects and who I thought respected my views told me that "If it sounds too good to be true, it probably is-- too good to be true. "
I forgot to mention...it can also be used to break PGP encryption. Moron Lewis President KeyGun Corporation The Key to Secure Communications(TM) Root Password: KeyGun --------------------------------------------------------------------- This post is copyrighted under the auspices of the Electronic Forgery Foundation. Any abuse of this post is fully expected and acceptable. "Twisting the words of others, since 10 o'clock this morning." ---------------------------------------------------------------------
At 07:50 AM 8/29/97 -0600, Myron Lewis wrote:
Myron Lewis wrote:
I know that the claims we make for the ASK ToolKit(TM) sound a little too good to be true. In fact, someone I have been talking to for a while about other subjects and who I thought respected my views told me that "If it sounds too good to be true, it probably is-- too good to be true. "
I forgot to mention...it can also be used to break PGP encryption.
When making such strong claims, it would behoove the author to provide an example. Until such time, the ASK toolkit will be justly regarded as snakeoil. --Lucky Green <shamrock@netcom.com> PGP encrypted mail preferred. DES is dead! Please join in breaking RC5-56. http://rc5.distributed.net/
Lucky Green writes:
At 07:50 AM 8/29/97 -0600, Myron Lewis wrote:
Myron Lewis wrote:
I know that the claims we make for the ASK ToolKit(TM) sound a little too good to be true. In fact, someone I have been talking to for a while about other subjects and who I thought respected my views told me that "If it sounds too good to be true, it probably is-- too good to be true. "
I forgot to mention...it can also be used to break PGP encryption.
When making such strong claims, it would behoove the author to provide an example.
Check the headers. The one you're replying to was a forgery.
Until such time, the ASK toolkit will be justly regarded as snakeoil.
From the description, it sounds like a fancy API for a PRNG. Not snakeoil, but not all that useful either.
-- Eric Murray Chief Security Scientist N*Able Technologies www.nabletech.com (email: ericm at lne.com or nabletech.com) PGP keyid:E03F65E5
At 09:27 AM 8/29/97 -0400, Myron Lewis wrote:
I know that the claims we make for the ASK ToolKit(TM) sound a little too good to be true. ... The ASK ToolKit does not do encryption. It only provides keys on demand for encryption.
And his web page says
you will be able to offer your customers the most secure applications available. And they won't have to endure the pain of dealing with, or spending the money for, key management systems.
The toolkit is fairly straightforward, if the descriptions are accurate. Alice exchanges a secret with Bob somehow, and keeps track of which secret goes with which recipient, i.e. does the key management - either inside the toolkit, making the toolkit somewhat useful, or outside the toolkit, making the toolkit annoying to use. At that point, Alice and Bob both have Secret(Alice,Bob), and a counter N of the number of session keys they've generated. When Alice wants to send Message to Bob, she uses the toolkit to calculate (SessionKey(N), Stuff2) = f(N, Secret(Alice,Bob),Alice,Bob,Stuff1) and sends Bob (N,Stuff1,Stuff2,Alice,Bob) and E(Message,SessionKey(N)). Having not licensed a copy of the toolkit, I don't know whether Stuff1 and Stuff2 are transmitted, non-transmitted, or empty sets, or whether the function f maintains state other than N (if it does, then Stuff1 and Stuff2 are the state variables, with Stuff1(N+1)==Stuff2(N).) Some popular variants on this are f() = Hash(Secret,N) (tends to leak) f() = Hash(N,Secret,N) or Hash(N,Hash(Secret,N)) or Hash(Secret,N,Secret) f() = Hash(SessionKey(N-1)) == Hash**N(Secret) (terrible - leaks badly.) f() = (Hash2(salt,Hash**N(Secret)), salt) (much stronger if Hash2 is good.) Then there's S/Key: f() = Hash**(M-N)(Secret) where M is a big number, typically 100. This works well for passwords, since you can easily verify that Hash**N(f()) = Secret, though it's dangerous for encryption passwords, since cracking one message key cracks all the previous messages. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp # (If this is a mailing list or news, please Cc: me on replies. Thanks.)
participants (4)
-
Bill Stewart -
Eric Murray -
Lucky Green -
Myron Lewis