On 11/09/13 12:23, Paul Crowley wrote:
From the title it sounds like you're talking about my 2007 proposal:
http://www.lshift.net/blog/2007/11/10/squaring-zookos-triangle
http://www.lshift.net/blog/2007/11/21/squaring-zookos-triangle-part-two
This uses key stretching to increase the work of generating a colliding
identifier from 2^64 to 2^88 steps.
That part is similar, though I go from 80 bits (actually 79.3 bits) to
100 bits ; and a GPG key fingerprint is similar too, though my mashes
are shorter than either, in order to make them easy to input.
There is another difference, mashes are easy to write and input without
error - the mash alphabet only has 31 characters; A-Z plus 0-9, but 0=O,
1=I=J=L, 2=Z, 5=S. If one of those is misread as another in the subset
it doesn't matter when the mash is input. Capitalisation is also irrelevant.
However the main, big, huge difference is that a mash isn't just a hash
of a public key - in fact as far as Alice, who doesn't understand public
keys, is concerned:
It's just a secure VIOP number.
Maybe she needs an app to use the number on her iphone or googlephone.
And another app to use it on her laptop or desktop - but the mash is
your secure VOIP number.
Or it's a secure email address.
Or it's both.
Alice need not ever see the "real" voip IP address, or the real email
address - and unless she's a cryptographer and hacker she simply won't
be able to contact you without using strong authenticated end-to-end
encryption - if the only address she has for you is your mash.
Contrast this with your proposal, or a PGP finger print. In order to use
one of these, Alice has to have an email address or telephone number to
begin with. She also has to find the key and compare it with the hash,
in order to use it securely - but she can use the email address or
telephone number without ever thinking about downloading or checking the
public key.
That's just not possible is all you give out is mashes.
It's looking at the mash as an address, not as a public key or an
adjunct to a public key service - which is why I think it's kind-of
turning Zooko's Triangle on it's head (I had never heard of ZT before :(
- but I know Zooko though, hi Zooko!).
Or maybe not, looking at the web I see ZT in several slightly different
forms.
But it probably is turning the OP's problem - the napkin scribble - on
it's head. You don't write your email and fingerprint on the napkin -
just the mash.
-- Peter Fairbrother
_______________________________________________
The cryptography mailing list
[email protected]
http://www.metzdowd.com/mailman/listinfo/cryptography
