[prev in list] [next in list] [prev in thread] [next in thread]
List: bouncycastle-crypto-dev
Subject: alternative key exchange!?
From: Karsten Fischer <Karsten.Fischer () epost ! de>
Date: 2002-07-28 15:51:39
[Download RAW message or body]
Hi there!
I am currently working on a MIDlet and a server program and I want to use
symmetric encryption. But the key exchange is what makes the problem, since
using RSA encryption takes too long on small devices.
I thought about another alternative to obtain a symmetric key, but I am not
sure, if it is secure or not:
1) client generates a digest d out of the current time t and user password p
2) client sends d + t and a random number r to the server
3) first the server verifies the digest by using t and the password that is
stored local on the server side
4) upon successful verification both client and server generate a new digest
using p, r and some predefined string of size > length of maximum symmetric key.
5) client and server should obtain the same digest and can then take the first
bytes (or better the last!?) as a symmetric key without the need to exchange it
over the network.
Steps 1 - 3 some to be normal when using digests (see e.g. Jonathan Knudsen's
Book on Wireless Java, the chapter dealing with cryptography was btw available
as download).
Step 4 and 5 are what I am not sure about, wether this would work at all and if
it is secure to do so.
Hope someone can help me about this.
Regards,
Karsten Fischer
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic