[Cryptography] The names in "the mesh"

Peter Fairbrother peter at m-o-o-t.org
Tue Jul 14 03:42:36 EDT 2015

On 13/07/15 01:20, Christian Huitema wrote:
> Philip,
> Your proposed use of names derived from cryptographic keys reminds me a
> lot of the work with did several years ago with PNRP.

It also reminds me of "mashes", which I described here a few years ago.

A mash is a truncated hash, 12 to 16 characters long, from an alphabet 
of 32 characters, to give 60 to 80 bits of security.

The document which is mashed is available online in an untrusted 
distributed directory, and contains the owner's name, two [1] public 
keys, the key owner's email address, a proof of work, telephone number 
and other details at the owner's discretion - the point is that the mash 
is both the identity and the address.

In order to send someone an email (or call them on the encrypted 'phone, 
or post them a letter etc.) at a mash you have to find out their email 
address - which means finding out the document, which contains their 
public keys. The right software, and end-to-end encryption is 
transparent to the user, and pretty much universal.

One variation has the mash as peter-m-GJRV-FFR5-6TTR, with the first 
part, peter, as the first part of the document. The -m- is constant, 
like an @ in an email address.

I _think_ you do not need more than 60 bits of security - taken with the 
proof of work, means that a tailored attack on a particular 60 bit hash 
is impractical.

[1] two public keys, one for authentication, one for encryption; plus 
signed DH forward secrecy keyparts and update information etc attached 
to the document but outside the hash.

> The point of the small string is that it can be spelled over the phone,
> or copied from a card, without being too unwieldy.


And one point of mashes is that you HAVE to know the document which 
contains the recipient's key in order to even send them a message.

-- Peter Fairbrother

More information about the cryptography mailing list