[Cryptography] The names in "the mesh"
peter at m-o-o-t.org
Tue Jul 14 03:42:36 EDT 2015
On 13/07/15 01:20, Christian Huitema wrote:
> Your proposed use of names derived from cryptographic keys reminds me a
> lot of the work we did several years ago with PNRP.
It also reminds me of "mashes", which I described here a few years ago.
A mash is a truncated hash, 12 to 16 characters long, from an alphabet
of 32 characters, to give 60 to 80 bits of security.
The document which is mashed is available online in an untrusted
distributed directory, and contains the owner's name, two public
keys, the key owner's email address, a proof of work, telephone number
and other details at the owner's discretion - the point is that the mash
is both the identity and the address.
In order to send someone an email (or call them on the encrypted 'phone,
or post them a letter etc.) at a mash you have to find out their email
address - which means finding out the document, which contains their
public keys. The right software, and end-to-end encryption is
transparent to the user, and pretty much universal.
One variation has the mash as peter-m-GJRV-FFR5-6TTR, with the first
part, peter, as the first part of the document. The -m- is constant,
like an @ in an email address.
I _think_ you do not need more than 60 bits of security - taken with the
proof of work, means that a tailored attack on a particular 60 bit hash
 two public keys, one for authentication, one for encryption; plus
signed DH forward secrecy keyparts and update information etc attached
to the document but outside the hash.
> The point of the small string is that it can be spelled over the phone,
> or copied from a card, without being too unwieldy.
And one point of mashes is that you HAVE to know the document which
contains the recipient's key in order to even send them a message.
-- Peter Fairbrother
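
An added example, not part of the original post: deriving a mash-style name from a document and checking a document fetched from the untrusted directory against it. The post names neither the hash function nor the alphabet, so SHA-256, the RFC 4648 base32 alphabet, and "first line of the document" as the name part are assumptions, and the sample document is constructed; the proof of work is left out.

```python
import base64
import hashlib

GROUP = 4  # characters per dash-separated group, as in GJRV-FFR5-6TTR

def first_part(document: bytes) -> str:
    # Assumption: the name part is the first line of the document.
    return document.split(b"\n", 1)[0].decode("utf-8").strip().lower()

def mash(document: bytes, chars: int = 12) -> str:
    """Truncated hash: `chars` symbols of 5 bits each (12..16 -> 60..80 bits)."""
    if not 12 <= chars <= 16:
        raise ValueError("mash length must be 12 to 16 characters")
    digest = hashlib.sha256(document).digest()           # assumed hash function
    return base64.b32encode(digest).decode("ascii")[:chars]  # assumed alphabet A-Z, 2-7

def format_name(document: bytes, chars: int = 12) -> str:
    """Build <first part>-m-XXXX-XXXX-XXXX from the document itself."""
    m = mash(document, chars)
    groups = [m[i:i + GROUP] for i in range(0, len(m), GROUP)]
    return f"{first_part(document)}-m-" + "-".join(groups)

def verify(name: str, document: bytes) -> bool:
    """Accept a directory document only if it hashes to the name we were given."""
    prefix, sep, tail = name.strip().rpartition("-m-")
    claimed = tail.replace("-", "").upper()   # tolerate lower case and dashes
    if not sep or not 12 <= len(claimed) <= 16:
        return False
    if prefix.lower() != first_part(document):
        return False
    return claimed == mash(document, len(claimed))

# Constructed sample document; the key fields are placeholders, not real keys.
DOC = (b"peter\n"
       b"email: peter@example.org\n"
       b"auth-key: CONSTRUCTED-PLACEHOLDER-A\n"
       b"enc-key: CONSTRUCTED-PLACEHOLDER-E\n")

if __name__ == "__main__":
    name = format_name(DOC)
    print(name, verify(name, DOC))
    # A directory that swaps in its own key produces a document that no
    # longer matches the name, so the substitution is detected.
    forged = DOC.replace(b"PLACEHOLDER-E", b"PLACEHOLDER-X")
    print(verify(name, forged))
```
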