At 03:39 PM 5/10/01 -0800, [EMAIL PROTECTED] wrote:
>How hard can it really be to just write a plug-in to do symmetric key
encryption
>for AIM / ICQ / Yahoo and use out-of-band methods (PGP?) to exchange
passwords?
>
I'll bite. Symmetric key encryption over any channel is *easy*. Using
PK algorithms/protocols is more expensive, though done once per
'conversation'.
Not sure how complex (in lines of code, with apologies to Chaitin) it
really is,
vs. a block cipher, but an interested party could look it up.
If you want to use PGP/email to exchange symmetric passphrases, that's
great too ---though you're no stronger than any component in your key-handling
chain. Using PGPfone for key exchange would provide biometric ID, if
you've spoken
to the person before, and your adversary can't hire impersonators.
And this is all orthogonal to using public key servers (fnord) to 'manage'
(snicker)
the keys. You can have one public key per correspondant, as twisted as that
might seem.
dh
