IETF Logo Mail Archive

Re: [TLS] one time passwords from private keys

Ben Laurie <benl@google.com> Sun, 28 February 2010 16:02 UTC

Return-Path: <benl@google.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E3B253A87BB for <tls@core3.amsl.com>; Sun, 28 Feb 2010 08:02:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.076
X-Spam-Level:
X-Spam-Status: No, score=-104.076 tagged_above=-999 required=5 tests=[AWL=1.300, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, J_CHICKENPOX_43=0.6, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OT4RYd2mu74V for <tls@core3.amsl.com>; Sun, 28 Feb 2010 08:02:08 -0800 (PST)
Received: from smtp-out.google.com (smtp-out.google.com [216.239.44.51]) by core3.amsl.com (Postfix) with ESMTP id 376E528C107 for <tls@ietf.org>; Sun, 28 Feb 2010 08:02:08 -0800 (PST)
Received: from spaceape14.eur.corp.google.com (spaceape14.eur.corp.google.com [172.28.16.148]) by smtp-out.google.com with ESMTP id o1SG27Jk027266 for <tls@ietf.org>; Sun, 28 Feb 2010 08:02:07 -0800
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1267372927; bh=CGPpTq3THuVM2+fXnNWrgZeAmJE=; h=MIME-Version:In-Reply-To:References:Date:Message-ID:Subject:From: To:Cc:Content-Type; b=V/9BcPYiIjS1c58gqbq3kCrAwuhSKjj7ViMEQyYwSXBX/xfv+UmsDzvNF1vrNWzfc q+yPp6N+8vBB62IUhgvAA==
DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=mime-version:in-reply-to:references:date:message-id:subject:from:to: cc:content-type:x-system-of-record; b=HgDEpWt8E32gywDiRZ1WVF/e9wx+c0XM4gh6T6xiM5gAQ3/qILDpI7RvNTnxakjPu hV2o7I+6mQLcbLdL1qdBw==
Received: from fxm6 (fxm6.prod.google.com [10.184.13.6]) by spaceape14.eur.corp.google.com with ESMTP id o1SG23d7003149 for <tls@ietf.org>; Sun, 28 Feb 2010 08:02:06 -0800
Received: by fxm6 with SMTP id 6so1646461fxm.22 for <tls@ietf.org>; Sun, 28 Feb 2010 08:02:03 -0800 (PST)
MIME-Version: 1.0
Received: by 10.239.188.139 with SMTP id p11mr314088hbh.102.1267372921091; Sun, 28 Feb 2010 08:02:01 -0800 (PST)
In-Reply-To: <1b587cab1002280709v68fafk1d34faf9029e3eb9@mail.gmail.com>
References: <F0763843-BDC8-4E32-A3AE-2AE19BFC012F@bblfish.net> <1b587cab1002280709v68fafk1d34faf9029e3eb9@mail.gmail.com>
Date: Sun, 28 Feb 2010 16:01:58 +0000
Message-ID: <1b587cab1002280801g1eefd37aq19c58457834aa567@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Story Henry <henry.story@bblfish.net>
Content-Type: multipart/alternative; boundary="001485f78d76c278e10480ab4068"
X-System-Of-Record: true
Cc: tls@ietf.org
Subject: Re: [TLS] one time passwords from private keys
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Feb 2010 16:02:10 -0000

On 28 February 2010 15:09, Ben Laurie <benl@google.com> wrote:

>
>
> On 28 February 2010 14:58, Story Henry <henry.story@bblfish.net> wrote:
>
>> Hello,
>>
>>  I am looking around to see if anyone knows an algorithm to allow one to
>> produce a one time password [1] from the private key part of an asymmetric
>> key pair.
>>
>> The article "Public-Key Cryptography and Password Protocols"
>> http://www.cparity.com/projects/AcmClassification/samples/322514.pdf
>> shows how to do the inverse.
>>
>>  The idea is to make it possible to authenticate into any web site using
>> this one time password. The public key would be tied to a WebId/OpenId,
>> following something like the following steps:
>>
>> 1. A server should be able to know for any webId/openid the public key of
>> that id
>>
>> 2. the user will have
>>  - the private key
>>  - using its private key (and perhaps a time stamp, or a nonce from the
>> server, ... ) the user's software would calculate a one time password which
>> the user could then send with its WebId/OpenId to the server
>>
>> 3. the server which gets the openid/webid find the public key securely and
>> use
>>  that to verify the one time password (somehow)
>>
>> This would allow us to make it easy to create RESTful authentication for
>> devices with broken (Safari on desktop and iphone) or non existent client
>> side certificates (Android, and most other phones).
>>
>> For devices with working client side certificates we have foaf+ssl that
>> works reasonably well currently - though we would love the browser vendors
>> to implement user interface improvements.
>> http://esw.w3.org/topic/foaf+ssl
>>
>>
>>  What we are looking may be impossible. But we can't tell before looking
>> :-)
>> Also if you know of lists that are open source/open standard spirited that
>> you think I should send this question to, please let me know.
>>
>
> One way of doing what you want is a Schnorr signature. One nice property of
> a Schnorr signature is that the private key can easily be derived from a
> password, or could just be a random blob. I'm doing some work in this area,
> so feel free to contact me offlist if you're interested.
>

Also, of course, if you have an RSA keypair you could just sign the nonce
with it :-)


>
>
>>
>>        Henry
>>
>> [1] http://en.wikipedia.org/wiki/One_time_password
>>   http://code.google.com/p/mod-authn-otp/wiki/OneTimePasswords
>>
>> Social Web Architect
>> http://bblfish.net/
>>
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>>
>
>

v2.23.0 | Report a Bug | By Email