Re: Increasing Public Key Crypto Security with Handhelds
On Sat, Nov 27, 1999 at 12:51:15PM +0100, Werner Koch wrote:
> Jason Gunthorpe <jgg@ualberta.ca> writes:
>
> > Even better, like ssh, this could provide a generic means the manage your
> > encryption key outside of an individual session - for example, an X
> > application could be used to prompt for the password, and once provided it
> [...]
> > Moving the encryption agent down into a hardware device like a handheld or
> > a smartcard would be the eventual ultimate evolution of a system like
>
> That is exactly what I have in mind for some time now (and talked
> about it at the Tokyo BOF). I call it for now the GPA (..Agent).
>
> In a first step I will do an internal API for GnuPG to separate tasks
> which require the secret key form the other code.
What's done on the handheld would certainly have to be limited to the public
key part, except for very small messages...
>
> Someone from gnupg-devel already played with GnuPG and a PalmPilot.
> One problem might be that these handhelds are a little bit slow; some
> specialized hardware for them would be nice.
>
The Palms all have moderately slow 68k CPU's ranging from 12mhz to 20mhz.
But this hasn't stopped the ISAAC guys from porting SSLeay and using it to
create a SSH application on the palm. Login happens pretty quickly, even
though my machine uses a 1024 bit server key. Even if DSA/ElGamal is 2 or 3x
slower than RSA, I'm sure it'd still be tolerable for the security-paranoid.
Someone's gotta come up with a method of using hashes to verify a human
readable document summary to make it more difficult for a compromised remote
machine to trick the user into signing an arbitrary document when the
document's too big to send back to the handheld...
--
Brian Ristuccia
brianr@osiris.978.org
bristucc@nortelnetworks.com
bristucc@cs.uml.edu
Reply to: