From: shearerje_at_comcast.net
Date: Thu Jan 29 2004 - 20:06:36 PST
“Using Encryption for Authentication in Large Networks of Computers” (Needham and Schroeder, 1978) introduces the basics of network encryption technology as we now know it. The paper discusses the distinction between encryption for the protection of privacy and what today we call authentication to verify message integrity and originator. The paper also compares the functional capabilities of symmetric keys vs. public/private keys and shows the message exchange between an originator, a receiver, and an authentication server to make either key type work. I was interested in how the authors developed their case for some of the (now fairly standard) details such as the use of a nonce identifier for anti-replay and the establishment of a conversation-specific key to minimize exposure of their basic identification keys.
I found it strange though that they did public key authentication by encrypting an entire message with the secret key of the originator. Today we usually hash the message down to a fixed size and then just encrypt the hash and stick it on the end of the message. The receiver hashes the message, decrypts the sender’s hash, and compares the two to prove message integrity.
The other weakness in the paper was their (stated) failure to look at the economy and strength of symmetric keys vs. public/private keys. The former are much cheaper but also much less secure, so modern systems often use them just for the conversation-specific keys.
This archive was generated by hypermail 2.1.6 : Thu Jan 29 2004 - 20:06:42 PST