Re: [cryptography] Security Discussion: Password Based Key Derivation for Elliptic curve Diffie–Hellman key agreement

2013-12-18 Thread SafeChat.IM
Thanks for all the comments so far!

 Is there a reason you did not consider using OTR? Or another of the
 many secure chat protocols?


We did not want to use OTR, because we do not want to have forward secrecy and 
message deniability. Our idea is to build an encryption scheme that is 
completely transparent to the user; it should not appear different to him whether he 
is chatting over an encrypted Facebook chat or not. This way we hope to make 
encryption easier, less of a hassle and more mainstream. If we had session keys 
that expire after the conversation is over, the user wouldn't be able to read 
the messages later on (or on a different device) or send offline messages (all 
things possible with the original Facebook Messenger). 

 What safeguards do you have against a MITM attack?


We were thinking of querying the public key server over HTTPS and validating the 
certificate (either through a CA or hard coded in the plugin). Also, wouldn't 
you have to compromise the public key server (to deliver wrong pub keys to both 
parties) and the communication channel to Facebook (to intercept the message) 
at the same time? Therefore, we thought that only Facebook itself would have a 
realistic opportunity for MITM attacks (meaning the user would have to trust 
us that we don't cooperate with them). 

We also thought about building a decentralized Web-of-Trust, but found it hard 
to establish a second secure channel (assuming that users don't necessarily 
engage in real life) without impacting usability.
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography


Re: [cryptography] Security Discussion: Password Based Key Derivation for Elliptic curve Diffie–Hellman key agreement

2013-12-18 Thread Jason Goldberg
A MITM attack is more than just trusting your SSL cert or Facebook.

How do we know *you* aren’t secretly intercepting our messages?  Does your 
platform assume we have to trust *you*?




Re: [cryptography] Security Discussion: Password Based Key Derivation for Elliptic curve Diffie–Hellman key agreement

2013-12-18 Thread SafeChat.IM
The app/plugin will be open source, so you can see what we are doing. Messages 
will only be sent to the Facebook XMPP server.




Re: [cryptography] [cryptome] acoustic side channel attacks against TEMPEST shielded equipment

2013-12-18 Thread John Young

Excellent pointer. Full paper published today, 18 Dec 2013:

RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis, by 
Genkin, Shamir, Tromer:


http://www.cs.tau.ac.il/~tromer/papers/acoustic-20131218.pdf

At 11:29 AM 12/18/2013, you wrote:

http://www.cs.tau.ac.il/~tromer/acoustic/


