Daniel Kahn Gillmor wrote this message on Thu, Jan 30, 2014 at 01:43 -0500:
> On 01/30/2014 01:19 AM, Robert Ransom wrote:
> > The difference is that you can encrypt messages to a key offline, but
> > you need to be connected to the Internet (and to a working directory
> > server of some sort) in order to encrypt messages to a fingerprint.
>
> There is a hybrid approach to doing a handshake like this between two
> users in person, though, if both have computing devices with them. You
> can use human-inspectable mechanisms like QR codes or acoustic coupling
> to transmit a fingerprint, and then use whatever (non-inspectable)
> higher-bandwidth channel exists between the two devices (802.11b, NFC,
> bluetooth) to transmit the full key/metadata, which each peer then
> verifies against the fingerprint.

If you have a high bandwidth interactive channel, why not do a DH key
exchange, and then use a short hash (pin) to validate the DH key
exchange.. Once you have validated the DH key exchange, you can pass
any data over the channel...

I used this mechanism in pyfp:
https://www.funkthat.com/~jmg/pyfp/pyfp-0.5.tar.gz

pyfp is designed for secure file transfer over an insecure network when
you have an authenticated low bandwidth (such as voice) channel...

-- 
John-Mark Gurney    Voice: +1 415 225 5579

"All that I will do, has been done, All that I have, has not."
_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
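
The PIN-validated DH exchange described in the reply above, as an added example that is not part of the original thread and is not pyfp's code. It goes one step beyond the message by having the initiator commit to its public value first, so a relay cannot search for keys that collide on a short PIN; all function names are hypothetical and the group is assumed to be RFC 3526 group 14.

```python
import hashlib, hmac, secrets

# Assumed group: RFC 3526 group 14 (2048-bit MODP prime), generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2

def enc(n):  # fixed-width encoding so concatenated hashes are unambiguous
    return n.to_bytes(256, "big")

def keypair():
    priv = secrets.randbits(256) + 2
    return priv, pow(G, priv, P)

def commit(pub):  # message 1: binds the sender to pub without revealing it
    nonce = secrets.token_bytes(32)
    return hashlib.sha256(nonce + enc(pub)).digest(), nonce

def opens(commitment, nonce, pub):  # message 3 check done by the responder
    return hmac.compare_digest(commitment, hashlib.sha256(nonce + enc(pub)).digest())

def pin(initiator_pub, responder_pub, digits=6):  # read aloud over the voice channel
    h = hashlib.sha256(b"pin" + enc(initiator_pub) + enc(responder_pub)).digest()
    return f"{int.from_bytes(h[:8], 'big') % 10**digits:0{digits}d}"

def session_key(priv, peer_pub):
    if not 1 < peer_pub < P - 1:  # reject degenerate values 0, 1, p-1
        raise ValueError("bad public value")
    return hashlib.sha256(enc(pow(peer_pub, priv, P))).digest()

def handshake(relay_swaps_keys=False):
    # Both endpoints in one process; the relay is a constructed in-path party.
    a_priv, a_pub = keypair()  # initiator
    b_priv, b_pub = keypair()  # responder
    _, m_pub = keypair()       # relay's substitute key
    to_b = m_pub if relay_swaps_keys else a_pub  # initiator key as B receives it
    to_a = m_pub if relay_swaps_keys else b_pub  # responder key as A receives it
    c, nonce = commit(to_b)    # B gets this before it sends its own key
    if not opens(c, nonce, to_b):
        raise ValueError("reveal does not match commitment")
    return pin(a_pub, to_a), pin(to_b, b_pub), session_key(a_priv, to_a), session_key(b_priv, to_b)
```

The two users compare the returned PINs over the authenticated channel and use the session key only if they match.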
