Question: Key Distr. in realtimeo applications?
Adam Shostack
adam at bwh.harvard.edu
Fri Jul 8 06:58:09 PDT 1994
Kent writes:
| One-time key, how to distribute to both participants: don't. Let each
| pick a random key and sent it to the other using the other's public
| key--no need to use the same key in both directions, in fact seems a
| bad idea.
Sending your otp by RSA reduces the security of your OTP to
that of RSA, since if your RSA key can be broken, the otp can be
obtained. Since the problem is barely more difficult than factoring
your rsa key (or craking the one time idea password in use), there is
no security gain to the otp.
otp's require that they be securely distributed. Usually,
this means a courier with a briefcase full of cd-roms handcuffed to
his wrist, or some other similarly paranoid means.
Adam
--
Adam Shostack adam at bwh.harvard.edu
Politics. From the greek "poly," meaning many, and ticks, a small,
annoying bloodsucker.
More information about the cypherpunks-legacy
mailing list