On Wed, Jul 23, 2014 at 12:55 PM, Robert Ransom <[email protected]> wrote: > On 7/23/14, David Leon Gil <[email protected]> wrote: > >> Robert: If your host name and IP address change frequently, just use your >> name, or your zip code, or a short, very easy-to-remember nonce. The >> requirement is not that it be as strong as a password; just something to >> de-genericize the attack. (You get rid of most of that 2^27 advantage with >> only 2^16 unique hostnames...) > > I would rather just compare a whole 256-bit public key or public-key > hash than have to deal with something like the Windows 3.11 concept of > ‘workgroup’ again.
That's reasonable, particularly if you want to encrypt to someone without being able to retrieve their key via a handshake or keyserver. MiniLock is a recent project that does that: http://minilock.io/ Trevor _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
