[Cryptography] How to build trust in crypto (was:recommending ChaCha20 instead of RC4)

Guido Witmond guido at witmond.nl
Tue Mar 18 09:09:32 EDT 2014

On 03/18/14 12:19, Jerry Leichter wrote:
> On Mar 16, 2014, at 7:42 PM, Guido Witmond <guido at witmond.nl> wrote: 
> The challenge is this:
>>> "Show me the whole practical process anyone on this planet can
>>> use to have a secure online communication with someone else."
>> 9. Two strangers, who have never met before have successfully
>> created a secure channel between them.

> ...for some suitably weak notion of all the words involved.  If I do
> a simple unauthenticated D-H key exchange with someone out on the
> net, we (the two parties to that exchange) who have never met before
> (will) have successfully created a secure channel between us.  

Hi Jerry,

D-H creates a secure channel against passive eavesdropping. D-H does not
protect against active MitM attacks.

> Of
> course, neither of us has any idea *who* we set up that secure
> channel with, which was the problem to begin with. 

On the contrary, the premise of eccentric authentication is that there
is already a common interest, i.e., a blogger and a commenter. They've
never met anywhere except at the blog site where they read each other's
writings. That's the context that Ralf was referring to in a previous

Eccentric provides the protocol to make the private channel setup
transparent, completely automated, and secure against passive and active
attacks, while providing anonymity to both end-points. I.e., they have a
secure channel but neither party, nor the site, learns anything else
about the other. Not even IP-addresses when using Tor.

> (No MITM is
> possible here:  The secure channel is from the initiator to whoever
> happens to receive the packets unmolested.  You can't say that's the
> "wrong" party because, well, they are strangers to each other.  And
> you can't complain that the MITM forms some other connection and
> passes information along 

When the blogger and commenter set up a private connection, they
consider a MitM a threat-scenario they want to avoid.

> even a fully authenticated party at the
> other end is perfectly free to do that. (pass information along)

Agreed. You never know what the other party does with the information
you hand them. Act accordingly.

> - and eventually we see that the person in the office isn't the one
> we met initially.
> So the problem with your proposal is hardly new.  :-)

Indeed, on the internet, nobody knows you're a dog. At least, give me
the tools to get back to the same dog I met last time. I believe that to
be a requirement in Ralf's challenge.

With kind regards,

Guido Witmond.

PS, Check here what two people can do once they have a secure channel
via a web site:
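
Added example (not from the original message and not the Eccentric protocol): it shows the point above that unauthenticated D-H holds against passive eavesdropping but not against an active MitM, and that getting back to "the same dog I met last time" needs a remembered key. The group parameters, the `PinStore` helper and the trust-on-first-use pinning are assumptions made for illustration.

```python
import hashlib
import secrets

# Demo parameters (assumption): 2**255 - 19 is prime, but this is not a vetted D-H group.
P = 2**255 - 19
G = 2

def keypair():
    """Return (private, public) for a long-term D-H key."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    """Hash the D-H shared secret into a 32-byte session key."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(32, "big")).digest()

def fingerprint(pub):
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()

class PinStore:
    """Hypothetical helper: remembers the key fingerprint first seen for each peer."""
    def __init__(self):
        self.pins = {}

    def connect(self, peer, peer_pub, my_priv):
        seen = self.pins.setdefault(peer, fingerprint(peer_pub))
        if seen != fingerprint(peer_pub):
            raise ValueError(f"key for {peer!r} changed since last contact")
        return session_key(my_priv, peer_pub)

def demo():
    c_priv, c_pub = keypair()   # commenter
    b_priv, b_pub = keypair()   # blogger
    m_priv, m_pub = keypair()   # active party rewriting traffic in transit

    # Untampered exchange: both ends derive the same key.
    pins = PinStore()
    honest = pins.connect("blogger", b_pub, c_priv) == session_key(b_priv, c_pub)

    # Public values replaced in transit, no pin consulted: each end completes
    # the exchange, but the two ends no longer share a key with each other.
    split = session_key(c_priv, m_pub) != session_key(b_priv, m_pub)

    # Same substitution on a later contact, checked against the pin: rejected.
    try:
        pins.connect("blogger", m_pub, c_priv)
        detected = False
    except ValueError:
        detected = True
    return honest, split, detected

if __name__ == "__main__":
    print(demo())
```

Pinning only protects contacts after the first one; how the first key is obtained is outside this example.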

