Subject: RE: [wss] WSS One Time Password



> From: Paul Cotton [mailto:Paul.Cotton@microsoft.com] 

> I believe Hal's questions are in message:
> http://lists.oasis-open.org/archives/wss/200601/msg00012.html 
> 
> "It seems to me that this work would be significantly more 
> valuable if it could be used for integrity protection at 
> least and perhaps confidentiality as well.
> 
> 1. Is it technologically feasible, for example to use a OTP 
> as the secret in an HMAC? Or could some key derivation scheme 
> be applied?

It is feasible to use an OTP token as an authenticator in such a scheme, but
an additional source of randomness is essential. 10^6 is not a usefully
large keyspace for any purpose; it can be exhausted by means of trivial
cryptanalysis using WWII vintage equipment.

Once you add in a mechanism to add in the additional keyspace, we are talking
about a different protocol that looks like WS-SecureConversation or WS-Trust,
depending on the technology you wish to apply.


> 2. Is it even feasible, to support signing and verification 
> securely by two parties using an OTP?

NO, not without an intermediate key exchange, which is a different protocol.


> 3. Can a single scheme be used for all the types of OTP 
> cited, or do we need a scheme per type or even per OTP algorithm?

The OTP algorithm is irrelevant. An ideal OTP generator would be a perfectly
random quantum source. Differentiating between pseudo-random algorithms is
irrelevant to the protocol.

Remember that some users of OTP will be using printed scratch off cards. 


> 4. Would the use of such a scheme weaken the OTP in some way?"

It isn't practical without an additional mechanism that is to be developed
elsewhere.
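The two claims in the reply above (a bare 6-digit OTP is far too small an HMAC key, and mixing in a separately agreed high-entropy secret is what makes a MAC practical) can be checked concretely. The following is an added illustration, not code from the wss thread or from any WSS specification. It assumes a 6-digit decimal OTP, HMAC-SHA256 as the MAC, an RFC 5869 HKDF written out with the standard library, and a `session_secret` standing in for a secret that some separate key-exchange protocol (the kind of thing WS-Trust or WS-SecureConversation would establish) has already agreed between the two parties; the `info` label and the sample message are constructed for the example.

```python
"""Bare-OTP HMAC versus a MAC keyed from OTP plus a separately agreed secret.

Added example, not from the wss mailing-list thread. Assumptions: 6-digit
decimal OTPs, HMAC-SHA256, and a 'session_secret' that a separate key
exchange (e.g. a WS-Trust / WS-SecureConversation style protocol) has
already established between the parties.
"""
import hashlib
import hmac
import math
import secrets
from typing import Optional


def keyspace_bits(digits: int) -> float:
    """Entropy of an n-digit decimal OTP if every value is equally likely."""
    return digits * math.log2(10)  # 6 digits -> roughly 19.9 bits


def mac_with_otp_key(otp: str, message: bytes) -> bytes:
    """The naive scheme from question 1: the OTP itself is the HMAC key."""
    return hmac.new(otp.encode("ascii"), message, hashlib.sha256).digest()


def recover_otp(message: bytes, tag: bytes, digits: int) -> Optional[str]:
    """Exhaust the 10**digits candidate keys given one (message, tag) pair.

    This is the 'trivial cryptanalysis' the reply refers to: with a bare OTP
    as the key, the key is recoverable offline from a single MACed message,
    so the MAC gives neither lasting integrity nor any confidentiality basis.
    Returns the matching OTP, or None if no candidate produces the tag.
    """
    for n in range(10 ** digits):
        cand = f"{n:0{digits}d}"
        if mac_with_otp_key(cand, message) == tag:
            return cand
    return None


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract then expand) using HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()          # HKDF-Extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                    # HKDF-Expand
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_mac_key(otp: str, session_secret: bytes) -> bytes:
    """Key = HKDF(session_secret || otp).

    The OTP still binds the token holder to this exchange, but the effective
    keyspace is now that of session_secret (256 bits here), which is the
    'additional source of randomness' the reply says is essential.
    """
    return hkdf_sha256(session_secret + otp.encode("ascii"),
                       salt=b"",
                       info=b"otp-mac-key (constructed label for this example)")


def mac_with_derived_key(otp: str, session_secret: bytes, message: bytes) -> bytes:
    return hmac.new(derive_mac_key(otp, session_secret), message, hashlib.sha256).digest()


def demo(digits: int = 6) -> dict:
    """Run both schemes on a constructed message and report what an exhaustive
    search of the OTP space finds in each case."""
    otp = f"{secrets.randbelow(10 ** digits):0{digits}d}"
    session_secret = secrets.token_bytes(32)
    message = b"<wsse:Security>constructed sample payload</wsse:Security>"

    naive_tag = mac_with_otp_key(otp, message)
    derived_tag = mac_with_derived_key(otp, session_secret, message)
    return {
        "otp_bits": round(keyspace_bits(digits), 1),
        "naive_key_recovered": recover_otp(message, naive_tag, digits) == otp,
        "derived_key_recovered": recover_otp(message, derived_tag, digits) is not None,
    }


if __name__ == "__main__":
    # Expect: naive key recovered after at most 10**6 HMACs, derived key not.
    print(demo())
```

Running `demo()` searches the full 10^6 space, which takes a few seconds in pure Python; the point is that the search cost is bounded by the OTP's ~20 bits no matter which OTP algorithm produced the digits, which is why the reply treats the choice of OTP algorithm as irrelevant to the protocol and puts the fix in a separate key-establishment step rather than in the OTP itself.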
