* Matthew Toseland <[EMAIL PROTECTED]> [2007-11-16 17:41:34]:
> On Friday 16 November 2007 17:07, Michael Rogers wrote:
> > Matthew Toseland wrote:
> > > Public key fingerprints are very difficult to turn into something that is
> > > secure from all angles, and is short.
> >
> > Fingerprint = hash of the public key. Comparable in length (though not
> > memorability) to a password, and more secure because it doesn't need to
> > be kept secret.
>
> Well it *should* be kept secret, to prevent various harvesting attacks. But
> yeah, the proposal seems sane. So, the remaining mechanisms:
>
> Invites with a temporary keypair (invite = H(pubkey_temp), IP:port;
> obfuscation key = H(pubkey_temp))
>
> Short noderefs (ref = H(real_pubkey), IP:port; obfuscation key = H(pubkey_R +
> H(pubkey_I)) )
>
> And possibly SRP.
> PRO: We can use easy-to-remember/communicate (low entropy) passphrases,
> rather than 32 bytes (64 hex chars, 43 base64).
> PRO: And it's still secure, provided that we have a limited number of
> attempts per password (so for SRP-based invites we will need IP:port,
> invite counter, passphrase).
> SRP would normally be a one-way invite, but if the inviter is NATed Fred
> would ask for the IP:port of the invitee.
> CON: How would we obfuscate it? Dictionary resistance requires that we don't
> just send the password - SRP has a "username" aka invite counter so that it
> can only allow a small number of attempts for a specific username/invite...
> So we can't just superencrypt using the password!
And why not? :) Use a few bytes of H(password)... Make it so small that collisions are more than probable. He will end up with a hashcash to solve... and SRP is gonna give him only a few tries. Btw, if you generate passwords, you can be confident that they don't figure in any dictionary ;)

NextGen$
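The trade-off argued above can be made concrete. The following Python sketch is an added illustration, not part of NextGen$'s message or of Freenet's code: it derives the obfuscation key from only the leading bytes of SHA-256(passphrase), XORs the invite with a keystream expanded from that key, and then measures how far such a short key narrows a set of candidate passphrases (roughly by 8*nbytes bits) before the online, attempt-limited step has to do the rest. The keystream construction, the `InviteVerifier` stand-in for SRP's attempt limit, and the generated `invite-N` passphrases are all assumptions made for the example; the invite payload is constructed sample data.

```python
import hashlib
import hmac

# Constructed sample invite payload (hash placeholder plus IP:port); not a real noderef.
SAMPLE_INVITE = b"H(pubkey_temp)=0123456789abcdef 192.0.2.10:12345"


def obfuscation_key(passphrase: str, nbytes: int) -> bytes:
    """The deliberately short key: only the leading nbytes of SHA-256(passphrase)."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()[:nbytes]


def keystream(key: bytes, length: int) -> bytes:
    """Expand the short key into a keystream with SHA-256 in counter mode (assumed construction)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def obfuscate(invite: bytes, passphrase: str, nbytes: int) -> bytes:
    """XOR the invite with the keystream; the same call de-obfuscates."""
    ks = keystream(obfuscation_key(passphrase, nbytes), len(invite))
    return bytes(a ^ b for a, b in zip(invite, ks))


def surviving_candidates(guess_set, key: bytes, nbytes: int) -> list:
    """Passphrases whose truncated hash equals a given key.

    A key of nbytes has only 2**(8*nbytes) values, so the blob itself cannot hide
    the key; what matters is that matching it rules out only ~8*nbytes bits of the
    passphrase, leaving every colliding candidate to be distinguished online.
    """
    return [pw for pw in guess_set if obfuscation_key(pw, nbytes) == key]


def expected_survivors(guess_set_size: int, nbytes: int) -> float:
    """Candidates left after the offline step, on average: the hashcash-sized residue."""
    return guess_set_size / 2 ** (8 * nbytes)


class InviteVerifier:
    """Stand-in for the SRP side: the invite counter bounds online guesses.

    This models only the attempt limit (constant-time compare of a passphrase
    hash); it is not an SRP implementation.
    """

    def __init__(self, passphrase: str, max_attempts: int):
        self._expected = hashlib.sha256(passphrase.encode("utf-8")).digest()
        self.attempts_left = max_attempts

    def attempt(self, guess: str) -> bool:
        if self.attempts_left <= 0:
            return False          # invite counter exhausted: no further checks
        self.attempts_left -= 1
        got = hashlib.sha256(guess.encode("utf-8")).digest()
        return hmac.compare_digest(got, self._expected)


def run_demo(nbytes: int = 1, guess_set_size: int = 50_000, max_attempts: int = 3) -> dict:
    """Round-trip the invite, then show the offline narrowing and the online cap."""
    guess_set = [f"invite-{i}" for i in range(guess_set_size)]  # constructed candidates
    real = "invite-31337"                                        # assumed real passphrase
    blob = obfuscate(SAMPLE_INVITE, real, nbytes)
    round_trip = obfuscate(blob, real, nbytes) == SAMPLE_INVITE
    key = obfuscation_key(real, nbytes)   # with nbytes small, trivially found by trial
    survivors = surviving_candidates(guess_set, key, nbytes)
    verifier = InviteVerifier(real, max_attempts)
    online = [verifier.attempt(pw) for pw in survivors]  # only max_attempts are real checks
    return {
        "round_trip": round_trip,
        "real_in_survivors": real in survivors,
        "survivors": len(survivors),
        "expected": expected_survivors(guess_set_size, nbytes),
        "online_hits": sum(online),
        "attempts_left": verifier.attempts_left,
    }


if __name__ == "__main__":
    for nb in (1, 2, 32):
        print(nb, run_demo(nbytes=nb))
```

With one key byte and 50,000 candidates the offline step leaves on the order of 200 of them, so the attempt counter is what keeps the passphrase safe; with the full 32-byte hash the single survivor is the real passphrase and the blob itself becomes the offline dictionary oracle the quoted CON warns about. The number to watch when choosing `nbytes` is therefore `expected_survivors` against the online attempt limit, not the size of the blob.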
_______________________________________________
Devl mailing list
Devl@freenetproject.org
http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl