Improving OpenID's use of cryptography 1 - using a MAC
paul at ciphergoth.org
Thu Jun 2 01:46:53 PDT 2005

Paul Crowley wrote:
> Ah, but it can! Sorry I haven't made this clear already. It's very
> simple: the server generates a new secret every time it's asked for one.

I want to anticipate the objection that this is more complex than DSA.
If you do DSA securely, it's not.

First, you will still need to add key lifetimes, and thus multiple keys
per server and the openid.auth_with field, to the protocol. There's
most of your complexity right there.

Secondly, the optimization about not actually storing all the keys but
generating them on the fly as needed isn't actually a necessary part of
the protocol. You could genuinely generate a new random secret and
store it in a database every time you were asked for one, and give each
one a lifetime of, say, one day from generation time. They'd take up
less disk space than the server log entries recording the GET request,
and such requests would generally be rare. It's only if you're worried
about requiring even that much disk space that you need to worry about
implementing my more sophisticated suggestion.

Done right, this is in practice rather simpler than DSA.

\/ o\ Paul Crowley, paul at ciphergoth.org
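
The simple variant described in this message (a fresh random secret stored each time one is requested, valid for one day), as an added example that is not part of the original post or of any OpenID implementation. It assumes HMAC-SHA256 as the MAC, that the requester keeps the secret and checks assertions with it, and that openid.auth_with carries a handle naming the secret; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

LIFETIME = 24 * 60 * 60  # one day from generation time, as the message suggests


class SecretStore:
    """Stands in for the server's database table of issued secrets."""

    def __init__(self):
        self._rows = {}  # handle -> (secret, expiry)

    def issue(self, now):
        """Generate and store a new random secret every time one is asked for."""
        handle = secrets.token_hex(8)  # assumed content of openid.auth_with
        secret = secrets.token_bytes(32)
        self._rows[handle] = (secret, now + LIFETIME)
        return handle, secret, now + LIFETIME

    def lookup(self, handle, now):
        """Return the live secret for a handle, or None if unknown or expired."""
        row = self._rows.get(handle)
        if row is None:
            return None
        secret, expiry = row
        if now >= expiry:
            del self._rows[handle]  # expired rows can simply be purged
            return None
        return secret


def tag(secret, message):
    # HMAC-SHA256 is an assumption; the message only says "a MAC".
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def server_sign(store, handle, message, now):
    """Server MACs an assertion under the secret named by the handle."""
    secret = store.lookup(handle, now)
    if secret is None:
        raise KeyError("unknown or expired handle")
    return tag(secret, message)


def consumer_verify(secret, expiry, message, mac, now):
    """Requester checks the key lifetime, then the MAC in constant time."""
    if now >= expiry:
        return False
    return hmac.compare_digest(tag(secret, message), mac)
```

Timestamps are passed in as plain seconds so that expiry can be exercised without waiting a day.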