Blunder Dome Sighting  
 
 
 

Hangout for experimental confirmation and demonstration of software, computing, and networking. The exercises don't always work out. The professor is a bumbler and the laboratory assistant is a skanky dufus.






2005-03-26

 

Open Authentication: One-Time Passwords and Crypto-Hashing

ACM News Service: SHA-1 Flaw Seen as No Risk to One-Time Password Proposal. I've seen several links to Mark Willoughby's 2005-03-22 Computerworld article and I passed over each one, thinking the title was self-explanatory and that I understood why SHA-1 is still usable, based on Bruce Schneier's reporting on the topic. Fortunately, I did glance over this TechNews summary in my regular scanning of that source. Here's interesting material that you might have overlooked too, and that I want to examine as part of TROSTing development.

The Initiative for Open Authentication (Oath!) has the vision of developing strong universal authentication: among all users, all devices, and all networks. The consortium is out to produce a reference architecture based on existing "open standards." (The term "leveraging" is used, so your credibility may vary.)

Vision is vision, and some of this may end up being a solution looking to reword the problem, but the effort is interesting to me, especially because the authentication part is based on Hashed Message Authentication Codes (HMACs) and what are called one-time passwords. The scheme is based on SHA-1. There is a very weird statement that this use is less vulnerable to connived collisions because only a small selection of the 60-bit hash is used, and that claim left my jaw hanging open. There is more to the protocol than that, unless information theory has failed.

And I remain interested because I want to know how this might work with persistent entities (some of the everythings that the vision is intended to embrace). The one-time password scheme is being proposed to the IETF and there is expected to be a standards-track adoption real-soon-now.

The question will be, as always, how trust is established and recognized with all of these wondrous technical mechanisms in place, and how symmetrical can that trust arrangement be?
We seem to forget that one can also connive an unreliable application atop a reliable protocol, and this may matter more.
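The HMAC-based one-time-password construction the post is puzzling over (the OATH proposal to the IETF, later published as RFC 4226), as an added example that is neither the post's nor OATH's own code. It shows the "small selection of the hash" step, dynamic truncation, which keeps a 31-bit window of the 160-bit HMAC-SHA-1 tag and reduces it to six digits, and the server-side look-ahead check that the scheme needs; the secret is the RFC 4226 test key, and the window size and attempt budget are assumed values.

```python
import hmac
import hashlib
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA-1 one-time password with RFC 4226 dynamic truncation.

    The security argument rests on HMAC behaving as a keyed PRF, not on
    SHA-1 collision resistance: an attacker never sees two colliding inputs,
    only a few digits derived from a keyed tag over an 8-byte counter.
    """
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # low nibble of the last byte picks the window
    window = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF  # 31 bits, sign bit cleared
    return str(window % 10 ** digits).zfill(digits)


def verify_hotp(secret: bytes, stored_counter: int, candidate: str,
                window: int = 3, digits: int = 6):
    """Server-side check with a look-ahead window (assumed size 3).

    Returns the next counter to store on success, or None on failure.
    Counters below stored_counter are never accepted, which is what makes
    the password one-time: a replayed code cannot match again.
    """
    for c in range(stored_counter, stored_counter + window + 1):
        if hmac.compare_digest(hotp(secret, c, digits), candidate):
            return c + 1          # resynchronise: everything up to c is now spent
    return None


def brute_force_bound(digits: int = 6, window: int = 3, attempts: int = 5) -> float:
    """Upper bound on an attacker's success probability per login session.

    Truncation makes the code short enough to type, so the residual risk is
    guessing, not hash collisions; RFC 4226 bounds it by (window+1)*attempts
    over 10^digits, which is why the verifier must throttle or lock out.
    """
    return (window + 1) * attempts / 10 ** digits


if __name__ == "__main__":
    key = b"12345678901234567890"   # RFC 4226 Appendix D test secret
    for n in range(3):
        print(n, hotp(key, n))
    print("next counter:", verify_hotp(key, 0, hotp(key, 2)))
    print("guess bound:", brute_force_bound())
```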

 

template created 2004-06-17-20:01 -0700 (pdt) by orcmid
$$Author: Orcmid $
$$Date: 10-04-30 22:33 $
$$Revision: 21 $