Matthew Toseland wrote:
> Invites with a temporary keypair (invite = H(pubkey_temp), IP:port;
> obfuscation key = H(pubkey_temp))

Minor point: obfuscation key = H(nonce + H(pubkey_temp)). Or if you accept the argument in my other message that we need mutual authentication, obfuscation key = H(nonce + H(pubkey_temp_R) + H(pubkey_temp_I)).

> Short noderefs (ref = H(real_pubkey), IP:port; obfuscation key = H(pubkey_R +
> H(pubkey_I)) )

Again, H(nonce + H(pubkey_R) + H(pubkey_I)). But if we're doing a two-way exchange anyway, is there any advantage to using refs instead of invites? Should we get rid of refs altogether and just use invites?

> And possibly SRP.
> PRO: We can use easy-to-remember/communicate (low entropy) passphrases, rather
> than 32 bytes (64 hex chars, 43 base64).
> PRO: And it's still secure, provided that we have a limited number of attempts
> per password (so for SRP-based invites we will need IP:port, invite counter,
> passphrase).

Tempting, but not secure - anyone who sees the invite can MITM the handshake. I think we need to be realistic about user behaviour: most people don't exchange keys face to face, the most they're likely to do is use a real-time medium that's easy to eavesdrop but hard to MITM. The furthest I've ever known someone to go is emailing a public key and phoning to confirm a few digits of the fingerprint, and that's someone who makes their living from network security. Most users will just cross their fingers and email the password if we give them that option.

Cheers,
Michael