On 2/14/14, Trevor Perrin <[email protected]> wrote:
> (C) With no computers, there's various ways to agree on enough entropy
> for an unlinkable online rendezvous:
>  1. People invent passwords on-the-fly, and hope that a bunch of
>     key-stretching will make them strong enough.
>  2. Shuffling / splitting decks of cards (Adam's idea for Pond).

Specifically, Adam suggested shuffling a deck of cards, then cutting it (in the sense of splitting it into two smaller sequences of cards) and using the (unordered) set of cards as a shared key. This is a very fast way to establish a shared secret key; if the deck is cut into exactly equal-sized halves, it produces almost 49 bits of entropy, and if you're a little sloppy about the location of the cut, it easily produces more than 51 bits of entropy.

There's a less efficient way to derive a much stronger key from a shuffled deck of cards: use its order, or the order of the first N cards. If you use the first 10 cards, that's already more than 55 bits; the first 20 cards provide over 107 bits; and the first 26 cards (half the deck) provide over 137 bits.

There are two ways to share the resulting secret:

(a) one party writes down the sequence (slow but non-destructive);
(b) the parties cut the deck in half (in the sense of chopping the cards with a knife) (fast but destroys the deck permanently).

Robert Ransom
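
Added example, not part of the original message: a Python sketch that reproduces the bit counts quoted above and shows how both holders of a cut deck can reach the same key, next to a key taken from the order of the first N cards. The card numbering 0..51, the function names, and the use of PBKDF2-HMAC-SHA256 with fixed labels are assumptions; the thread names no encoding or KDF.

```python
import hashlib
import math
import random

DECK_SIZE = 52  # cards are numbered 0..51 (constructed numbering)

def cut_bits(lo, hi):
    """log2 of the number of possible top piles when the cut leaves lo..hi cards on top."""
    return math.log2(sum(math.comb(DECK_SIZE, k) for k in range(lo, hi + 1)))

def order_bits(n):
    """log2 of the number of possible orderings of the first n cards."""
    return math.log2(math.perm(DECK_SIZE, n))

def stretch(secret, label):
    # Assumption: PBKDF2-HMAC-SHA256 with a fixed label as salt.
    return hashlib.pbkdf2_hmac("sha256", secret, label, 100_000)

def key_from_cut(held_cards, holds_top):
    """Key from the unordered top pile. The holder of the bottom pile
    recovers the top pile as the complement of the cards they hold."""
    held = set(held_cards)
    top = held if holds_top else set(range(DECK_SIZE)) - held
    mask = sum(1 << c for c in top)  # order-independent 52-bit encoding
    return stretch(mask.to_bytes(7, "big"), b"card-cut")

def key_from_order(first_cards):
    """Key from the exact sequence of the first N cards (one byte per card)."""
    return stretch(bytes(first_cards), b"card-order")

def demo(seed=1):
    deck = list(range(DECK_SIZE))
    random.Random(seed).shuffle(deck)   # stand-in for a physical shuffle, not a CSPRNG
    top, bottom = deck[:27], deck[27:]  # slightly off-centre cut
    # The bottom pile is handed over in a different order on purpose:
    # only the set of cards matters for the cut-based key.
    return (key_from_cut(top, True),
            key_from_cut(reversed(bottom), False),
            key_from_order(deck[:20]))

if __name__ == "__main__":
    a, b, k = demo()
    print(f"cut 26/26: {cut_bits(26, 26):.1f} bits; cut 24..28: {cut_bits(24, 28):.1f} bits")
    print("order of first 10/20/26 cards:",
          ", ".join(f"{order_bits(n):.1f}" for n in (10, 20, 26)), "bits")
    print("cut keys match:", a == b)
```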
