Palm Pilot Handshake
Steve Mynott
steve at tightrope.demon.co.uk
Wed Jan 29 10:18:05 PST 2003
From: "Tyler Durden" <camera_lumina at hotmail.com>
> I'd like to be able digitally "shake hands" using a Palm Pilot. Is this
> possible?
I think you mean public key based authentication.
> Is this possible within the memory constraints of a Palm device? What
about
> with a booster pack of memory? If not, is some sort of "Public Key
Masking"
> possible so that a 'less secure' handshake is possible using a subset of
the
> public key?
I doubt memory is likely to be an issue with this since decade old DOS
handhelds ran PGP 2.x fine and if you google for "palm pilot crypto" you
will find 2000 vintage ports of OpenPGP and OpenSSL.
The Palms do have fairly slow processors so checking keys may take a while
and generating them probably quite a long time. More modern PDAs such as
the Zaurus or iPaq have processors which are an order of magnitude faster
and run linux so PGP (or GPG or whatever) should work. Also the new
generation of mobiles which run Java are probably the future once the
standards settle down and the phones become more reliable.
I can see little point in trying to use shorter keys which would be a very
broken solution to a probably non-existent problem. People should be using
longer keys rather than shorter ones, since most of the news about short key
lengths isn't good (google "DJB RSA").
> And for extra credit, when might the chipsets be available for
incorporating
> this functionality into, say, a wristwatch so that the protocol runs
> automatically (giving you a beep, for instance, only if there's a
mismatch)?
It's more a software issue than a hardware issue. It's not much of a
software problem since RSA can be written in a few lines of code. If you
have a high level language running on (or compiler) for the hardware then
you can easily port open source crypto. This is probably a safer solution
from a security aspect than relying on potentially backdoored or legally
restricted chipsets.
Suitable hardware has been available for 10 years or longer with a lot of
publicity for the Java ring and iButtons about 5 years back.
> (This I'm sure the feds must already have.)
It's possible the US Govt. uses iButtoms but I would very much doubt it's
used much in production.
State agencies tend to be *very* conservative with authentication and rely
on physical identity cards, individually issued (and revocable) PIN numbers
and the like.
They are run by grey men rather than techno-fetishist computer geeks.
--
1024/D9C69DF9 Steve Mynott <steve at tightrope.demon.co.uk>
More information about the cypherpunks-legacy
mailing list