[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss] WSS One Time Password
I believe Hal's questions are in message: http://lists.oasis-open.org/archives/wss/200601/msg00012.html "It seems to me that this work would be significantly more valuable if it could be used for integrity protection at least and perhaps confidentiality as well. 1. Is it technologically feasible, for example to use a OTP as the secret in an HMAC? Or could some key derivation scheme be applied? 2. Is it even feasible, to support signing and verification securely by two parties using an OTP? 3. Can a single scheme be used for all the types of OTP cited, or do we need a scheme per type or even per OTP algorithm? 4. Would the use of such a scheme weaken the OTP in some way?" /paulc Paul Cotton, Microsoft Canada 17 Eleanor Drive, Ottawa, Ontario K2E 6A3 Tel: (613) 225-5445 Fax: (425) 936-7329 mailto:Paul.Cotton@microsoft.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]