On Wed, Sep 18, 2013 at 12:12 AM, Adam Back <a...@cypherspace.org> wrote:
> That's a good approach but note it does assume your messages are delivered in
> the same order they are sent (even though they are delivered
> asynchronously). That is generally the case but does not have to be -
> neither email nor UDP for example guarantee that.
> Maybe you would want to include an authenticated sequence number so the
> recipient can detect gaps and out of order messages, though that does create
> an attack where the attacker can delete a message, and cause the recipient
> to keep messages.
>
> Or better the actual key used could be derived to fix that. e.g.
> k_{i+1}=H(k_i) delete k_i; but also sk_i=H(1||k_i) then use sk_i values. In
> that way you can keep keys for a gap with no security implication other than
> the missing/delayed message security. Other messages that come afterwards
> would be unaffected.

Yeah! That's a great way to do it. In case of out-of-order delivery, you could eventually delete unused sk_i values once they get too old. You could also encrypt the sequence numbers with some static key so as not to leak info on the # of messages exchanged.

Trevor
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
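
The scheme discussed in this thread (k_{i+1}=H(k_i), sk_i=H(1||k_i), stored sk_i for gaps, expiry of old ones), as an added example that is not code from either poster. Assumptions not in the thread: H is SHA-256, "1" is the single byte 0x01, the sequence number is authenticated with HMAC-SHA256 under sk_i, and the names `seal`, `Receiver`, `max_skip` and `expire` are hypothetical; only authentication is shown, not encryption.

```python
import hashlib
import hmac

def H(data: bytes) -> bytes:                      # assumption: H is SHA-256
    return hashlib.sha256(data).digest()

def mac(sk: bytes, seq: int, msg: bytes) -> bytes:
    # Authenticated sequence number: the tag covers seq (8 bytes, big-endian) and msg.
    return hmac.new(sk, seq.to_bytes(8, "big") + msg, hashlib.sha256).digest()

def seal(k: bytes, seq: int, msg: bytes):
    """Sender: tag msg under sk_seq = H(1||k_seq); return (tag, k_{seq+1})."""
    return mac(H(b"\x01" + k), seq, msg), H(k)

class Receiver:
    def __init__(self, k0: bytes, max_skip: int = 16):
        self.k, self.i = k0, 0        # chain key k_i and its index
        self.skipped = {}             # seq -> sk_seq kept for a gap
        self.max_skip = max_skip      # bound on keys derived for one gap

    def accept(self, seq: int, msg: bytes, tag: bytes) -> bool:
        """Verify one message; state changes only after the tag checks out."""
        late = seq < self.i
        k, pending = self.k, {}
        if late:
            sk = self.skipped.get(seq)
            if sk is None:            # already used, expired, or never stored
                return False
        else:
            if seq - self.i > self.max_skip:
                return False
            for j in range(self.i, seq):      # walk the chain over the gap
                pending[j] = H(b"\x01" + k)
                k = H(k)
            sk, k = H(b"\x01" + k), H(k)
        if not hmac.compare_digest(mac(sk, seq, msg), tag):
            return False
        if late:
            del self.skipped[seq]     # each sk_i is used once
        else:
            self.skipped.update(pending)
            self.k, self.i = k, seq + 1       # the old k_i is dropped here
        return True

    def expire(self, before: int) -> None:
        """Delete stored sk_i with i < before (keys that got too old)."""
        for j in [j for j in self.skipped if j < before]:
            del self.skipped[j]
```

Because the chain is only committed after the tag verifies, a forged sequence number cannot push the receiver forward or make it store keys.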