Re: Suggestions For The Passing of Passphrases
From: Alan (a__l__a__n_at_hotmail.com)
Date: 06/08/05
- Next message: nemo_outis: "Re: Suggestions For The Passing of Passphrases"
- Previous message: nemo_outis: "Re: Suggestions For The Passing of Passphrases"
- In reply to: Ari Silversteinn: "Suggestions For The Passing of Passphrases"
- Next in thread: nemo_outis: "Re: Suggestions For The Passing of Passphrases"
- Reply: nemo_outis: "Re: Suggestions For The Passing of Passphrases"
- Reply: Ari Silversteinn: "Re: Suggestions For The Passing of Passphrases"
Date: 8 Jun 2005 14:05:09 -0700
This is an interesting problem. At the risk of making a fool of myself
I'll offer one idea.
I believe that whether this can be done or not depends on the
assumptions.
First, I'm assuming the two parties have not prearranged a shared
secret or protocol. If anything has been prearranged, the passphrase
could have been communicated in that channel, and there would be many
ways to proceed.
Therefore, the communication protocol must be negotiated in public, and
an authenticating piece of information known to both must be agreed
upon in public. For example, "We'll prove that both of us know each
other's mother's maiden name / birthday / etc." Hopefully you would
use something better than that but you get the idea. Once that is
established, Secure Remote Password (SRP) could be used to derive a key
for securing communications based on each participant's password.
HOWEVER, an observer will know the type of information agreed upon as
the password. If the observer knows the identity of the participants
he might even know the value of the password.
If an observer cannot determine (or gain significant information about)
the password, I think the protocol is as secure as SRP. The trouble is
finding a piece of data that both of you know but an observer cannot
deduce from the negotiation phase.
Alan
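
The exchange described in the message above, as an added example that is not part of the original post: a simplified SRP-6a run in which two parties derive a session key from a secret whose type was agreed in public. The group parameters, function names and sample secrets are assumptions made for illustration.

```python
# Added illustration: simplified SRP-6a arithmetic, not a vetted implementation.
import hashlib
import secrets

# Assumed demo group: 2**521 - 1 is a Mersenne prime, picked to keep this short.
# Real deployments use the safe-prime groups published in RFC 5054.
N = 2**521 - 1
g = 3
WIDTH = 66  # bytes needed to hold a value below N


def H(*parts):
    """SHA-256 over ints (fixed width) and bytes, returned as an integer."""
    h = hashlib.sha256()
    for p in parts:
        h.update(p.to_bytes(WIDTH, "big") if isinstance(p, int) else p)
    return int.from_bytes(h.digest(), "big")


k = H(N, g)  # SRP-6a multiplier


def private_x(salt, secret):
    """Map the shared secret (e.g. the agreed personal fact) to an exponent."""
    return H(salt, secret.encode())


def run_exchange(responder_secret, initiator_secret):
    """One protocol run; returns (initiator_key, responder_key) as hex."""
    salt = secrets.token_bytes(16)                    # public
    v = pow(g, private_x(salt, responder_secret), N)  # verifier, kept private
    a = secrets.randbelow(N - 2) + 1                  # initiator ephemeral
    b = secrets.randbelow(N - 2) + 1                  # responder ephemeral
    A = pow(g, a, N)                                  # sent in the clear
    B = (k * v + pow(g, b, N)) % N                    # sent in the clear
    if A % N == 0 or B % N == 0:
        raise ValueError("degenerate public value, abort the run")
    u = H(A, B)
    x = private_x(salt, initiator_secret)
    s_init = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    s_resp = pow(A * pow(v, u, N) % N, b, N)
    return tuple(hashlib.sha256(s.to_bytes(WIDTH, "big")).hexdigest()
                 for s in (s_init, s_resp))


if __name__ == "__main__":
    print(run_exchange("constructed-secret", "constructed-secret"))
```

The keys match only when both sides hold the same secret, and a failed run tells the other party only that one value was wrong, so the protection rests on how many candidate values the publicly negotiated type of secret allows.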