Category Archives: Crypto

The Guillou-Quisquater protocol

Introduced by Guillou and Quisquater in 1988, it is a zero-knowledge identification protocol: a prover convinces a verifier that she holds a secret without disclosing anything about it beyond that fact.

The scenario is as follows. We first have a trusted authority, whom we will call Trent. Trent is trusted by everyone: what he says is true. Trent distributes to every interested party a secret derived from that party's identity, which only he can compute. Then, when Alice wants to identify herself to Bob, she uses a zero-knowledge protocol to demonstrate that she knows the secret associated with her identity, without revealing it (so that Bob cannot subsequently impersonate her).
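One round of the exchange described above, as an added example that is not part of the original post. Trent holds the factorisation of a public modulus N and issues Alice a secret B with J * B^V = 1 (mod N), where J is derived from her identity; Alice then commits to T = r^V, Bob sends a challenge d, Alice answers D = r * B^d, and Bob checks D^V * J^d = T. The primes, the SHA-256 identity-to-J mapping and the names are assumptions for this toy; real deployments use a modulus of at least 2048 bits. The impostor class shows why the protocol is sound: without B, Eve can only pass by guessing d in advance.

```python
"""Added example: one round of Guillou-Quisquater identification, with Trent
issuing the secret and an impostor who can only win by guessing the challenge.
Toy parameters, constructed for this example; not secure at this size."""
import hashlib
import math
import secrets

# Trent's modulus N = P*Q (constructed toy primes) and public exponent V.
P, Q = 1000003, 999983
N = P * Q
PHI = (P - 1) * (Q - 1)
V = 65537                      # public exponent; must be coprime with PHI
assert math.gcd(V, PHI) == 1


def identity_to_j(identity: str) -> int:
    """Public value J derived from the identity string (everyone can compute it)."""
    j = int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big") % N
    if j < 2 or math.gcd(j, N) != 1:
        raise ValueError("identity maps to an unusable J; pick another encoding")
    return j


def trent_issue_secret(identity: str) -> int:
    """Trent only: B such that J * B^V == 1 (mod N). Needs PHI, i.e. the factors of N."""
    j_inv = pow(identity_to_j(identity), -1, N)
    s = pow(V, -1, PHI)              # V-th roots modulo N are easy when PHI is known
    return pow(j_inv, s, N)


class Prover:
    """Alice: proves knowledge of B for her identity without revealing B."""

    def __init__(self, identity: str, b: int):
        self.identity, self.b = identity, b
        self._r = None

    def commit(self) -> int:
        self._r = secrets.randbelow(N - 2) + 2      # fresh random r per round
        return pow(self._r, V, N)                   # T = r^V mod N

    def respond(self, d: int) -> int:
        return (self._r * pow(self.b, d, N)) % N    # D = r * B^d mod N


class Impostor:
    """Eve, without B: guesses the challenge in advance and fakes a commitment."""

    def __init__(self, identity: str, guess: int):
        self.identity, self.guess = identity, guess
        self._d_fake = None

    def commit(self) -> int:
        self._d_fake = secrets.randbelow(N - 2) + 2
        j = identity_to_j(self.identity)
        # T chosen so that D^V * J^guess == T; passes only if Bob picks d == guess
        return (pow(self._d_fake, V, N) * pow(j, self.guess, N)) % N

    def respond(self, d: int) -> int:
        return self._d_fake                         # independent of the real d


def verifier_challenge() -> int:
    return secrets.randbelow(V)                     # d in [0, V-1]


def verify(identity: str, t: int, d: int, big_d: int) -> bool:
    """Bob: accept iff D^V * J^d == T (mod N)."""
    j = identity_to_j(identity)
    return (pow(big_d, V, N) * pow(j, d, N)) % N == t


def run_round(prover, identity: str) -> bool:
    t = prover.commit()
    d = verifier_challenge()
    return verify(identity, t, d, prover.respond(d))


if __name__ == "__main__":
    alice = Prover("alice@example.com", trent_issue_secret("alice@example.com"))
    print("honest Alice accepted:", all(run_round(alice, "alice@example.com") for _ in range(5)))
    eve = Impostor("alice@example.com", guess=0)
    print("Eve accepted in 5 rounds:", any(run_round(eve, "alice@example.com") for _ in range(5)))
```

Eve's success probability per round is 1/V, so Bob can either use a large V or repeat the round; the verifier never learns B because D is a uniformly random element blinded by r.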

Continue reading

Pseudo-random sequences and finite fields

One way to symmetrically encrypt a message is to generate a sequence of bits of the same length as the message, and perform a bitwise exclusive-or between the message and the sequence. The recipient, who can generate the same sequence, performs the same operation and recovers the original message. (This is one way to construct a stream cipher.)

Clearly, the security provided by such a scheme depends entirely on the way in which the sequence was generated. If it is truly random, used only once and kept secret, we obtain a so-called one-time pad, which guarantees perfect secrecy. At the other extreme, if the sequence consists only of 0-bits, the encryption does nothing at all and an adversary can read the message directly. Reusing a sequence, random or not, is just as fatal: XORing two ciphertexts cancels the sequence and leaves the XOR of the two plaintexts.
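To make the point concrete, here is an added example (not code from the original post) of a stream cipher whose sequence comes from a linear feedback shift register over GF(2), the kind of generator the post title refers to. The register is a constructed 16-bit maximal-length one and the HTTP request is a constructed sample. Because the generator is linear, an attacker who knows just 2L = 32 bits of plaintext (the four bytes "GET ") recovers the feedback taps by Gaussian elimination, reads the initial state off the first 16 keystream bits, and decrypts everything else.

```python
"""Added example: an XOR stream cipher whose keystream comes from a linear
feedback shift register over GF(2), and the known-plaintext attack that
recovers the generator from 2L keystream bits. Constructed toy parameters."""

L = 16
# Feedback taps c_0..c_15: s[t+16] = s[t] ^ s[t+2] ^ s[t+3] ^ s[t+5]
# (the classic maximal-length 16-bit register with taps at 16,14,13,11).
TAPS = [1 if i in (0, 2, 3, 5) else 0 for i in range(L)]


def lfsr_keystream(taps, seed_bits, nbits):
    """Emit nbits of keystream; the register state at time t is k[t..t+L-1]."""
    state = list(seed_bits)
    out = []
    for _ in range(nbits):
        out.append(state[0])
        fb = 0
        for c, s in zip(taps, state):
            fb ^= c & s
        state = state[1:] + [fb]
    return out


def bytes_to_bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def bits_to_bytes(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def xor_with_keystream(data, taps, seed_bits):
    """Encrypt and decrypt are the same operation: XOR with the keystream."""
    ks = lfsr_keystream(taps, seed_bits, 8 * len(data))
    return bits_to_bytes([m ^ k for m, k in zip(bytes_to_bits(data), ks)])


def solve_gf2(rows, rhs):
    """Gauss-Jordan elimination over GF(2); returns None if the system is singular."""
    n = len(rows)
    aug = [rows[i][:] + [rhs[i]] for i in range(n)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col]), None)
        if pivot is None:
            return None
        aug[col], aug[pivot] = aug[pivot], aug[col]
        for r in range(n):
            if r != col and aug[r][col]:
                aug[r] = [x ^ y for x, y in zip(aug[r], aug[col])]
    return [aug[i][n] for i in range(n)]


def recover_taps(ks_bits, length):
    """2*length consecutive keystream bits give `length` linear equations in the taps."""
    rows = [ks_bits[t:t + length] for t in range(length)]
    rhs = [ks_bits[t + length] for t in range(length)]
    return solve_gf2(rows, rhs)


def known_plaintext_attack(ciphertext, known_prefix, length):
    """Recover taps, initial state and hence the whole plaintext from 2*length
    known plaintext bits (4 bytes for a 16-bit register)."""
    need = (2 * length + 7) // 8
    if len(known_prefix) < need or len(ciphertext) < need:
        raise ValueError(f"need at least {need} bytes of known plaintext")
    ks_bits = [c ^ m for c, m in zip(bytes_to_bits(ciphertext[:need]),
                                     bytes_to_bits(known_prefix[:need]))]
    taps = recover_taps(ks_bits, length)
    if taps is None:
        return None
    # The first `length` keystream bits are exactly the register's initial state.
    return xor_with_keystream(ciphertext, taps, ks_bits[:length]), taps


if __name__ == "__main__":
    message = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n"   # constructed sample
    seed = bytes_to_bits(b"\xac\xe1")                                # 16-bit nonzero seed
    ct = xor_with_keystream(message, TAPS, seed)
    plaintext, taps = known_plaintext_attack(ct, b"GET ", L)        # attacker knows only "GET "
    print(taps == TAPS, plaintext == message)
```

The system of equations is nonsingular whenever the register is maximal-length and the seed is nonzero, so the recovery is deterministic; a longer register only raises the number of known bytes needed, linearly. Any keystream generator used for encryption must therefore be nonlinear in its state, which is the problem the rest of the post is about.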

Continue reading

Secret-sharing with polynomials

Suppose you have a secret you wish to distribute among $n$ people, but in such a way that all $n$ of them must collaborate in order for the secret to be revealed. In other words, even $n-1$ of those people, working together, must not be able to obtain the secret, or any partial information about it, unless the $n$th person cooperates.
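As an added example (not the original post's code), here is the standard polynomial construction for this problem, Shamir's scheme: the secret is the constant term of a random polynomial of degree $k-1$ over a prime field, each person gets the polynomial's value at a distinct point, and any $k$ points recover it by Lagrange interpolation; the case in the paragraph above is $k = n$. The field prime and the helper names are assumptions. The last function makes the "not even partially" claim concrete: the $n-1$ known shares are consistent with every candidate secret, each one corresponding to exactly one value of the missing share.

```python
"""Added example: Shamir-style secret sharing with a random polynomial over a
prime field, set to threshold k = n so that every holder must cooperate, plus
a check that n-1 shares are consistent with every possible secret."""
import secrets

PRIME = 2**127 - 1     # field size (a Mersenne prime); the secret must be smaller


def _eval(coeffs, x, p):
    acc = 0
    for c in reversed(coeffs):       # Horner's rule, coefficients low to high
        acc = (acc * x + c) % p
    return acc


def split(secret, k, n, p=PRIME):
    """Shares (x, f(x)) for x = 1..n of a random degree-(k-1) polynomial with f(0) = secret."""
    if not 0 <= secret < p or not 1 <= k <= n < p:
        raise ValueError("bad parameters")
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(k - 1)]
    return [(x, _eval(coeffs, x, p)) for x in range(1, n + 1)]


def interpolate_at(points, x, p=PRIME):
    """Lagrange interpolation: value at x of the unique polynomial of degree
    < len(points) passing through `points` (distinct x coordinates)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % p
                den = den * (xi - xj) % p
        total = (total + yi * num * pow(den, -1, p)) % p
    return total


def reconstruct(shares, p=PRIME):
    """With k shares this is f(0) = secret; with fewer it is an unrelated value."""
    return interpolate_at(shares, 0, p)


def missing_share_for(known_shares, candidate_secret, missing_x, p=PRIME):
    """What the one missing share would have to be for the secret to equal
    `candidate_secret`. Every candidate gets a valid answer, so the n-1
    holders learn nothing about the secret from their shares alone."""
    return interpolate_at(known_shares + [(0, candidate_secret)], missing_x, p)


if __name__ == "__main__":
    secret = int.from_bytes(b"launch code", "big")     # constructed sample secret
    shares = split(secret, k=4, n=4)
    print("all four:", reconstruct(shares) == secret)
    print("only three:", reconstruct(shares[:3]) == secret)
    x4, y4 = shares[3]
    for guess in (0, 1, secret):
        print(f"secret={guess}: share 4 would be {missing_share_for(shares[:3], guess, x4)}")
```

Shares must be computed over a field so that division in the interpolation is always defined; doing the same thing over the integers leaks the secret through the size of the values.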

Continue reading

Linux smart card authentication – PAM

(This is part of my howto on smart card authentication in Linux.)

PAM (Pluggable Authentication Modules) is an authentication framework which uses modules to authenticate users by a wide variety of methods. A PKCS#11 PAM module exists, which allows us to use smart cards to authenticate against any service that uses PAM. The most obvious use of PAM is system logins, either console or graphical, but a lot of other services, for example sudo, use it as well (you can look in /etc/pam.d to see all currently installed services which use PAM).

Continue reading

Linux smart card authentication – OpenSSL

(This is part of my howto on smart card authentication in Linux.)

You can use the private key stored on your card with OpenSSL, just as you would use an on-disk key. Among other things, you can sign files, decrypt files encrypted with your public key, or generate X.509 certificates for your key. Since this is not an OpenSSL guide, I will not describe those operations in detail; if you are not familiar with them, refer to the OpenSSL page in the Ubuntu Server Guide. The syntax is the same, except for the command flags needed to tell OpenSSL to use your smart card (see below).

Continue reading

Linux smart card authentication howto

This is something I posted on Ubuntu Forums a while ago. Since the tutorials section of UF is bound to disappear, I am reposting it here. I have only tested it on Ubuntu; it should work as-is on Debian and other Debian derivatives, and almost as-is on any modern Linux distribution.

Because your machine hosts extremely sensitive data (or, more probably, just for the geek factor), passwords sometimes just don't cut it. Thanks to the OpenSC project, Linux users can use smart cards in lieu of passwords to authenticate against various services. Since the private key never leaves the card and a card typically blocks itself after a few wrong PINs, this is immune to the dictionary and brute-force attacks that plague passwords; it also just looks way cooler. This guide describes the steps needed to use smart cards for various authentication and encryption purposes. I'd like to thank UF user Berduchwal for starting work on it (and getting me interested in it) in this thread.

Continue reading