[coderman at gmail.com: Re: [dave at farber.net: [IP] more on AP Story Justice Dept. Probing Domestic Spyin]

Bill Stewart bill.stewart at pobox.com
Thu Jan 5 00:03:09 EST 2006

>i'm working on a one time pad based IPsec key daemon with a similar
>purpose to what you describe.  i'll be posting here for feedback when
>it's ready but the basic premise is that it provides strong ephemeral
>IPsec keying using one time pads previously exchanged between peers.
>as long as the pads are generated and secured properly[1] you don't
>need to care if $TLA has kept your IPsec traffic archives in their
>acres of computing machinery.
>likewise, if large qubit quantum computers suddenly become feasible or
>multi ring GCF gets really fast, you don't need to worry about past
>key exchanges (also archived) being compromised, as with pub key based
>ISAKMP implementations.

Strikes me as a fairly silly project, except for the fun of coding it.
There are a number of protocols like EKE, SPEKE, A-EKE, etc.
that let you combine a shared password with public-key encryption
for extra strength - a crude variant would be to encrypt your
Diffie-Hellman keyparts with AES for the key exchange,
so there's nothing that can be conveniently attacked when the
hypothetical Quantum Computer comes online.
There's still a risk of compromising your keys if
the KGB blackbags your machine, so you might want to
change keys annually or monthly or whatever,
but your OTPs are at risk just as a password would be.

And long before Quantum Computers become strong enough to crack
2048-bit public key algorithms at a price that makes the
KGB want to waste its resources on you, there'll be
more convenient ways to blackbag machines, whether it's
including extra features in the OS through the audio CD player
or putting a video camera in your ceiling.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
