tags:

views:

383

answers:

3
+1  Q: 

What is a somewhat secure way of generating a 64 bit signature?

I would like to sign a device, and I have 64 bits to store my signature in the device. This device has a MAC address and some other details (about 30 bytes worth) I can mangle to create my signature.

If possible, I would like the method to be one-way, so that I can verify that the signature is valid without knowing how to create a valid signature. Most public-private keys have this feature but they generate signatures that are 48 bytes long (I only have 8 bytes).

Implementation in Python is a plus.

Thanks

EDIT: Thanks for the advice everyone. It sounds like there is no secure way to do this, only a way that is moderately inconvenient to attackers. I'll probably use a cryptographic hash combined with secret bit-shuffling. This will be as secure as any other link in my (very weak) 'security'.

A: 

You could just use a standard hashing function (MD5 SHA1) and only use the first or last 30 bytes.
The number of bytes a hashing function generates is fairly arbitrary - it's obviously a trade off between space and uniqueness. There is nothing special about the lenght of the signature they use.

Edit - sorry I was thinking that MD5 returned 32bytes- it actaulyl returns 16bytes but is ussually written as 32hex digits.

Martin Beckett  2008-11-10 22:37:50
The problem with this solution is that it is very easy for someone else to figure out which hashing algorithm I used and create their own signatures. I'm considering a standard hash followed by bit shuffling but it is symmetrical (to test the signature is to create the signature)
Tom Leys  2008-11-10 22:40:01
You _could_ use keyed hashing, that way the secret is with you. So, HMAC-MD5 or HMAC-SHA1, possibly truncated. I don't know about the security of this truncation, mind you.
Chris Jester-Young  2008-11-10 22:41:53
Of course, keyed hashing means that the key used to sign needs to be with the verifier too (symmetric). Oh well. Maybe there is a way to do asymmetric keyed hashing. :-P
Chris Jester-Young  2008-11-10 22:42:55
Keyed hashing is the best I can come up with, without trying to re-implement DSA (http://en.wikipedia.org/wiki/Digital_Signature_Algorithm) with very small keys.
Tom Leys  2008-11-10 22:52:06
+2  A: 

Basically what you need is a 64-bit cryptographic hash funcion, such as Ripemd-64 or elf-64. Then you encrypt the hash with a cryptographic method and you got a 64 bit signature. The only problem is, from the point of view of a non-cryptoanalyst, that 64 bit offers a much weaker signature than typical over-128 bit hash. Nonetheless it could still be suitable for your application.

Fernando Miguélez  2008-11-10 22:45:07
Yeah, it is a pretty weak signature. We are happy to live with "it is harder to crack the signature than to crack something else". Any suggestions for the cryptographic method? Can I use something "Off the shelf?"
Tom Leys  2008-11-10 22:50:39
I would use RSA. There are various RSA implementations for Python out there, including a pure-python one (http://pypi.python.org/pypi/rsa)
Martin v. Löwis  2008-11-10 22:55:51
I have been looking around to find a suitable encryption method that gives the required output of 64 bits but it is not an easy task. Surely because such a weak encryption algorithm is more useless. What about using sth secret along with hash computing method?
Fernando Miguélez  2008-11-10 23:13:58
+3  A: 

Hash functions and digital signatures are very different things.

The size of a digital signature depends on the underlying hash function and the key length. So in theory, you can create an RSA implementation that generates 64-bit signatures, but that'd be an extremely weak signature.

For smaller key lengths, you might want to look at elliptic curve cryptography.

EDIT: Yes, I'm a cryptographer.

EDIT 2: Yet if you only need a hash function, you can look at elf64 or RIPEMD-64 as Fernando Miguélez suggested.

EDIT 3: Doing the math, you'd need to use 16-bit keys in ECC to generate 64-bit signatures, which is very weak. For ECC, anything less than 128 bits can be considered weak. For RSA this is 1024 bits.

Can Berk Güder  2008-11-10 23:25:41
If it is that weak, is it worth using a standard algorithm at all? Should I just go the hash and scramble method and hope that security by obscurity saves the day?
Tom Leys  2008-11-10 23:43:07
Security by obscurity *never* works. First thing I learned in college. =)
Can Berk Güder  2008-11-10 23:48:52
Although 16-bit security is no security at all.
Can Berk Güder  2008-11-10 23:51:56

related questions

How to transition to Functional Programming
List of the top Programming "shows"
How to contribute code back to an Open Source project?
What is Test Driven Development (TDD)?
pass by reference or pass by value?
Could you recommend a good free project hosting website?
Writing A "Conway's Game of Life" Program
Learning to write a compiler
How can I modify .xfdl files? (Update #1)
Followup: "Sorting" colors by distinctiveness
Followup: Finding an accurate "distance" between colors
Windows Help files - what are the options?
A little diversion into floating point (im)precision, part 1
Internationalization in your projects
Efficiently get sorted sums of a sorted list
Format string to title case
GUI Programming APIs
Using combinations of sets as test data
What books would you recommend for a beginning Software Developer?
The Definitive Guide To Website Authentication
What is your solution to the FizzBuzz problem?
Generate list of all possible permutations of a string
When to use unsigned values over signed ones?
Function for creating color wheels
Fastest way to get value of pi