On Wed, 15 Mar 2006, Ed Gerck wrote:
> cybergio wrote:
> >
> > Zfone :: http://www.philzimmermann.com/EN/zfone/index.html
>
> "...it achieves security without reliance on a PKI, key certification,
> trust models, certificate authorities, or key management..."
>
> Good. But, of course, there's a trust model and you need to rely on it.

Points to them for making it explicit.

> "...allows the detection of man-in-the-middle (MiTM) attacks by
> displaying a short authentication string for the users to read and
> compare over the phone."
>
> Depends on the trust model. May not work.

This is incomplete. The paragraph goes on to say:

> we still get fairly decent authentication against a MiTM attack, based
> on a form of key continuity. It does this by caching some key material
> to use in the next call, to be mixed in with the next call's DH shared
> secret, giving it key continuity properties analogous to SSH.

The SSH trust model has certainly proved itself as useful, and is
probably perfectly appropriate for semi-adhoc telephony where voice
nuance offers an additional means of detecting phonies (pun!).

The screenshot on that page seems to indicate only three [a-z0-9]
characters form the "key fingerprint". My first impression was that
this was insufficient, but it is probably a good tradeoff. It is short
enough that people will actually use it, and an attacker might only get
a couple of tries of getting it wrong (in a 2^15 bit space) before a
human would be very suspicious.

-d

---------------------------------------------------------------------
The Cryptography Mailing List
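Added example, not part of the original message and not Zfone's own code or key derivation: a Python sketch of the key continuity idea quoted above, where a secret cached from a clean first call is mixed into the next call's DH secret. The toy DH group, the HMAC-SHA256 mixing, the labels and every function name are assumptions made for illustration.

```python
import hashlib, hmac, secrets

P, G = 2**127 - 1, 3            # toy DH group (assumption): far too small for real use
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"   # [a-z0-9]
SAS_SPACE = len(ALPHABET) ** 3  # 46656 values for three characters, about 2^15.5
EMPTY = b"\x00" * 32            # cache contents before any call has been made

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def shared(priv, peer_pub):
    return pow(peer_pub, priv, P).to_bytes(16, "big")

def session_key(dh_secret, cached):
    # Key continuity: the secret cached from the previous call keys the mix.
    return hmac.new(cached, dh_secret, hashlib.sha256).digest()

def next_cache(key):
    return hmac.new(key, b"cache for next call", hashlib.sha256).digest()

def sas(key):
    # Three-character short authentication string derived from the session key.
    n = int.from_bytes(hmac.new(key, b"sas", hashlib.sha256).digest(), "big")
    return "".join(ALPHABET[(n // 36**i) % 36] for i in range(3))

def call(cache_a, cache_b, mitm=False):
    """Return (Alice's key, Bob's key, the key a MiTM can compute or None)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if not mitm:
        return (session_key(shared(a_priv, b_pub), cache_a),
                session_key(shared(b_priv, a_pub), cache_b), None)
    m_priv, m_pub = keypair()   # attacker swaps in its own public value on both legs
    ka = session_key(shared(a_priv, m_pub), cache_a)
    kb = session_key(shared(b_priv, m_pub), cache_b)
    # The attacker knows the DH secret on Alice's leg but never saw the cache.
    return ka, kb, session_key(shared(m_priv, a_pub), EMPTY)

def demo():
    k1a, k1b, _ = call(EMPTY, EMPTY)        # first call, clean; SAS read aloud
    cache_a, cache_b = next_cache(k1a), next_cache(k1b)
    k2a, k2b, k_mitm = call(cache_a, cache_b, mitm=True)
    return {"first_sas_match": sas(k1a) == sas(k1b),
            "mitm_derives_alice_key": k_mitm == k2a,
            "endpoints_agree": k2a == k2b}

if __name__ == "__main__":
    print(demo())
```

In the second call the endpoints end up with different keys and the interposed party cannot reproduce either one, so the call fails to set up cleanly instead of being silently relayed; the protection holds only if the first call was not itself intercepted.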
