[Cryptography] How to build trust in crypto (was:recommending ChaCha20 instead of RC4)
leichter at lrw.com
Tue Mar 18 07:19:02 EDT 2014
On Mar 16, 2014, at 7:42 PM, Guido Witmond <guido at witmond.nl> wrote:
The challenge is this:
>> "Show me the whole practical process anyone on this planet can use to
>> have a secure online communication with someone else."
> 9. Two strangers, who have never met before have successfully created a
> secure channel between them.
...for some suitably weak notion of all the words involved. If I do a simple unauthenticated D-H key exchange with someone out on the net, we (the two parties to that exchange) who have never met before (will) have successfully created a secure channel between us. Of course, neither of us has any idea *who* we set up that secure channel with, which was the problem to begin with. (No MITM is possible here: The secure channel is from the initiator to whoever happens to receive the packets unmolested. You can't say that's the "wrong" party because, well, they are strangers to each other. And you can't complain that the MITM forms some other connection and passes information along - even a fully authenticated party at the other end is perfectly free to do that.)
There's a classic movie the details of which I don't remember at all, but with the following setup: An American woman traveling somewhere in Europe is approached and asked to "help her country". She's told to go to the American embassy at such and such a time and ask for Mr. Such and So. She does, is led to his office. They talk; he's a charming fellow, and asks her to do some kind of espionage work for the US. He'll be her contact. She agrees.
As the movie proceeds, she does what's asked. But eventually things go awry and she finds herself in deeper and deeper trouble.
Somewhere along the way, we find ourselves back at the US Embassy, at the office of her contact. Except that the person sitting at the secretary's desk is different; some details of the room are different - and eventually we see that the person in the office isn't the one we met initially. The sign on the door that said this is the office of someone who's involved with espionage (or might plausibly be) is shown now to say this guy has some position like representative to the king's goats. It's revealed that he and his secretary go out for lunch every day at the same time; they are always out at the time of the initial meeting. The people our heroine met with simply set themselves up in the office.
So the problem with your proposal is hardly new. :-)
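The unauthenticated D-H exchange discussed in the message above, as an added example that is not part of the original post: it shows that the values exchanged carry no identity, and that a session with whoever answered looks the same to the initiator as a direct one. The group parameters, function names and fingerprint format are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Assumption: toy parameters for illustration (2**255 - 19 is prime, g = 2).
# Use a vetted group or X25519 from a maintained library in real code.
P = 2**255 - 19
G = 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2          # private exponent in [2, P-2]
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    if not 1 < peer_pub < P - 1:                 # reject degenerate values
        raise ValueError("invalid public value")
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def fingerprint(key):
    # Short digest two people could compare over some other channel.
    return hashlib.sha256(b"fingerprint" + key).hexdigest()[:16]

def direct_exchange():
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    # Only a_pub and b_pub cross the wire; neither carries an identity.
    return (fingerprint(session_key(a_priv, b_pub)),
            fingerprint(session_key(b_priv, a_pub)))

def relayed_exchange():
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    r_priv, r_pub = keypair()                    # whoever actually answered A
    return {
        "a": fingerprint(session_key(a_priv, r_pub)),
        "relay_to_a": fingerprint(session_key(r_priv, a_pub)),
        "relay_to_b": fingerprint(session_key(r_priv, b_pub)),
        "b": fingerprint(session_key(b_priv, r_pub)),
    }

if __name__ == "__main__":
    print(direct_exchange())
    print(relayed_exchange())
```

In both runs the initiator ends up with a working key shared with its immediate peer. The fingerprints of A and B differ only in the relayed case, and noticing that requires comparing them over a channel that already identifies the other party.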