Re: bootstrapping a secure channel
From: Allen Pulsifer (amicrypt_at_amishare.com)
Date: 08/10/04
- Next message: Herbert Snorrason: "Re: Hacking the DMCA with encryption"
- Previous message: Allen Pulsifer: "Re: bootstrapping a secure channel"
- In reply to: Michael Scott: "Re: bootstrapping a secure channel"
- Next in thread: David Wagner: "Re: bootstrapping a secure channel"
Date: Tue, 10 Aug 2004 11:02:50 -0400
Michael Scott wrote:
> As David Wagner has pointed out, man-in-the-middle by trying many times does
> have a chance of generating separate keys which do have the same small hash.
> However Alice and Bob, when they are on the phone, can do clever things to
> avoid such attacks. Note that on an authenticated channel they are
> completely free from man-in-the-middle. They can have the full 160-bit
> hashes available and then randomly quote from different parts of it - "The
> 17th Hex digit of mine is A - what is the 7th Hex digit of yours?" etc.

Hello Mike,

It looks like the technique of comparing hashes of the shared secret is
secure in the sense that the probability of a successful attack could be
made acceptably low. In comparison to the method we documented, it's
not clear if you would have to compare more or fewer bits of data to
achieve the same level of security.

One issue is that the protocol as you state it is unwieldy ("The 17th
Hex digit of mine is A - what is the 7th Hex digit of yours?" etc.) and
would be more difficult for users than simply comparing two strings from
start to finish. Another difference is that the limiting factor in this
protocol is a brute force attack, which means the security level for a
given number of bits compared will decrease in time.

Finally, to the extent the users could do "clever things" to avoid
attacks, that would only be useful to us (and in many other
applications), if these things could be documented and followed by
untrained users. Two experienced cryptographers may be able to decide
for themselves what clever techniques they want to use, but these sorts
of ad hoc techniques would not be suitable in many applications.

Thanks,
Allen Pulsifer
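
The trade-off raised in this message, sized numerically as an added example (not code from the thread or from either poster): how many hex digits of the hash must be compared for a given brute-force budget, and how that number grows as the budget grows. It assumes SHA-1 as the 160-bit hash, a hash that behaves like a random function, and an attacker who must hit one fixed target value on the compared digits; the function names and the trial budgets are hypothetical.

```python
import hashlib
import math


def fingerprint(shared_secret: bytes) -> str:
    """160-bit hash of the negotiated secret as 40 uppercase hex digits.
    SHA-1 is an assumption; the thread only says "160-bit hashes"."""
    return hashlib.sha1(shared_secret).hexdigest().upper()


def digits_match(fp_a: str, fp_b: str, positions) -> bool:
    """Compare the hex digits at the quoted 1-based positions
    ("the 17th hex digit of mine is A ...")."""
    return all(fp_a[p - 1] == fp_b[p - 1] for p in positions)


def attack_success(bits_compared: int, trials: int) -> float:
    """Probability that at least one of `trials` independently generated keys
    hashes to a fixed target on `bits_compared` bits: 1 - (1 - 2^-b)^trials.
    log1p/expm1 keep the result accurate when 2^-b is tiny."""
    return -math.expm1(trials * math.log1p(-(2.0 ** -bits_compared)))


def hex_digits_needed(trials: int, max_success: float) -> int:
    """Smallest number of hex digits (4 bits each) the two users must compare
    so that the modelled attacker succeeds with probability <= max_success."""
    digits = 1
    while attack_success(4 * digits, trials) > max_success:
        digits += 1
    return digits


if __name__ == "__main__":
    # Constructed sample secrets: an honest run versus two different session keys.
    honest = fingerprint(b"constructed shared secret")
    split = fingerprint(b"constructed secret seen by the other side")
    print("honest run, digits 17 and 7 agree:", digits_match(honest, honest, [17, 7]))
    print("different keys, all 40 digits agree:", digits_match(honest, split, range(1, 41)))
    # Hypothetical brute-force budgets; the required length grows with the budget.
    for log2_trials in (20, 40, 60):
        need = hex_digits_needed(2 ** log2_trials, 2.0 ** -20)
        print(f"2^{log2_trials} trials -> compare {need} hex digits")
```

Under this model each factor of 16 in the attacker's trial budget costs the users one more hex digit to read aloud for the same residual risk.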