[Cryptography] How to build trust in crypto (was:recommending ChaCha20 instead of RC4)

Natanael natanael.l at gmail.com
Mon Mar 17 06:40:19 EDT 2014


2014-03-17 0:42 GMT+01:00 Guido Witmond <guido at witmond.nl>:
> On 03/16/14 15:57, Ralf Senderek wrote:
>
>> The challenge is this:
>>
>> "Show me the whole practical process anyone on this planet can use to
>> have a secure online communication with someone else."
>
> Ralf, I'll pick up the gauntlet. I think I've come up with a worthy
> contestant to your challenge.
>
> Not only, I'll show how someone can have a secure online communication
> with someone else. I'll create a secure channel between two people who
> have never met before.
>
> Here's how:
> [...]
> F. One more thing to do: verify that the CN of the other party is unique
> at teh global registry. It makes sure there is no Man-in-the-Middle,
> making the CN truly a substitute key for the pubkey.

What if it never is unique?

Also, Namecoin can do pretty much the same thing that your series of
steps there does. It's based on the Bitcoin blockchain tech, but
instead of simply just being a currency you can register both domain
names and public keys and a variety of other data in it. So there the
steps are to acquire some NMC (it's currency that you need to register
things) and spend it to register your public key with your name. Then
people can look for each other by name in the blockchain. It still has
the same problem, what if the name isn't unique enough? If you don't
know *exactly* what it should be, then you don't know who you're
talking to.


More information about the cryptography mailing list