On Friday 16 November 2007 17:07, Michael Rogers wrote:
> Matthew Toseland wrote:
> > Public key fingerprints are very difficult to turn into something that is
> > secure from all angles, and is short.
>
> Fingerprint = hash of the public key. Comparable in length (though not
> memorability) to a password, and more secure because it doesn't need to
> be kept secret.
Well it *should* be kept secret, to prevent various harvesting attacks. But yeah, the proposal seems sane.

So, the remaining mechanisms:

Invites with a temporary keypair (invite = H(pubkey_temp), IP:port; obfuscation key = H(pubkey_temp))

Short noderefs (ref = H(real_pubkey), IP:port; obfuscation key = H(pubkey_R + H(pubkey_I)))

And possibly SRP.

PRO: We can use easy-to-remember/communicate (low entropy) passphrases, rather than 32 bytes (64 hex chars, 43 base64).

PRO: And it's still secure, provided that we have a limited number of attempts per password (so for SRP-based invites we will need IP:port, invite counter, passphrase). SRP would normally be a one-way invite, but if the inviter is NATed Fred would ask for the IP:port of the invitee.

CON: How would we obfuscate it? Dictionary resistance requires that we don't just send the password - SRP has a "username" aka invite counter so that it can only allow a small number of attempts for a specific username/invite... So we can't just superencrypt using the password!

IMHO all four of these mechanisms are useful. OTOH if you can convince me that SRP is superfluous I'd be very happy, because it will be a load of work to implement it. :)

>
> Cheers,
> Michael
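The two H()-based identifiers and the "limited number of attempts per invite counter" rule from the mail, as an added example that is not from the thread or from Fred's code: SHA-256 stands in for H, a salted hash stands in for the SRP verifier, and MAX_ATTEMPTS is an assumed bound (the mail only says "a limited number").

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 5  # assumed bound per invite counter; the mail does not fix a number


def h(*parts: bytes) -> bytes:
    """H() from the mail; SHA-256 over the concatenated inputs is an assumption."""
    return hashlib.sha256(b"".join(parts)).digest()


def invite_token(pubkey_temp: bytes) -> tuple[bytes, bytes]:
    """Temporary-keypair invite: invite id and obfuscation key are both H(pubkey_temp)."""
    return h(pubkey_temp), h(pubkey_temp)


def short_noderef(pubkey_r: bytes, pubkey_i: bytes) -> tuple[bytes, bytes]:
    """Short noderef: ref = H(real_pubkey), obfuscation key = H(pubkey_R + H(pubkey_I))."""
    return h(pubkey_r), h(pubkey_r, h(pubkey_i))


class InviteRegistry:
    """Low-entropy passphrase invites keyed by an invite counter (the SRP 'username').

    Each counter permits MAX_ATTEMPTS guesses, so a guessable passphrase stays safe
    only because the verifier, not the passphrase, bounds the attempts."""

    def __init__(self) -> None:
        self._invites: dict[int, list] = {}  # counter -> [salt, verifier, attempts_left]
        self._next = 0

    def create(self, passphrase: str) -> int:
        counter = self._next
        self._next += 1
        salt = secrets.token_bytes(16)
        verifier = h(salt, counter.to_bytes(4, "big"), passphrase.encode())
        self._invites[counter] = [salt, verifier, MAX_ATTEMPTS]
        return counter

    def redeem(self, counter: int, passphrase: str) -> bool:
        entry = self._invites.get(counter)
        if entry is None or entry[2] <= 0:
            return False  # unknown or exhausted invite: no further guesses accepted
        entry[2] -= 1
        ok = hmac.compare_digest(
            entry[1], h(entry[0], counter.to_bytes(4, "big"), passphrase.encode()))
        if ok:
            del self._invites[counter]  # one-shot: a redeemed invite cannot be replayed
        return ok
```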