[Cryptography] How to build trust in crypto (was:recommending ChaCha20 instead of RC4)
Guido Witmond
guido at witmond.nl
Tue Mar 18 09:09:32 EDT 2014
On 03/18/14 12:19, Jerry Leichter wrote:
> On Mar 16, 2014, at 7:42 PM, Guido Witmond <guido at witmond.nl> wrote:
> The challenge is this:
>>>
>>> "Show me the whole practical process anyone on this planet can
>>> use to have a secure online communication with someone else."
>> 9. Two strangers, who have never met before have successfully
>> created a secure channel between them.
> ...for some suitably weak notion of all the words involved. If I do
> a simple unauthenticated D-H key exchange with someone out on the
> net, we (the two parties to that exchange) who have never met before
> (will) have successfully created a secure channel between us.
Hi Jerry,
D-H creates a secure channel against passive eavesdropping. D-H does not
protect against active MitM attacks.
> Of
> course, neither of us has any idea *who* we set up that secure
> channel with, which was the problem to begin with.
On the contrary, the premise of eccentric authentication is that there
is already a common interest, ie, a blogger and a commenter. They've
never met anywhere except at the blog site where they read each others'
writings. That's the context that Ralf was referring to in a previous
message.
Eccentric provides the protocol to make that the private channel setup
transparent, completely automated, and secure against passive and active
attacks, while providing anonymity to both end-points. Ie, they have a
secure channel but neither party, nor the site, learns anything else
about the other. Not even IP-addresses when using Tor.
> (No MITM is
> possible here: The secure channel is from the initiator to whoever
> happens to receive the packets unmolested. You can't say that's the
> "wrong" party because, well, they are strangers to each other. And
> you can't complain that the MITM forms some other connection and
> passes information along
When the blogger and commenter set up a private connection, they
consider a MitM a threat-scenario they want to avoid.
> even a fully authenticated party at the
> other end is perfectly free to do that. (pass information along)
Agreed. You never know what the other party does with the information
you hand them. Act accordingly.
> - and eventually we see that the person in the office isn't the one
> we met initially.
...
> So the problem with your proposal is hardly new. :-)
Indeed, on the internet, nobody knows you're a dog. At least, give me
the tools to get back to the same dog I met last time. I believe that to
be a requirement in Ralfs challenge.
With kind regards,
Guido Witmond.
PS, Check here what two people can do once they have a secure channel
via a web site:
http://eccentric-authentication.org/blog/2013/09/05/a-subversive-idea.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140318/d88dd109/attachment.pgp>
More information about the cryptography
mailing list