On 10/09/13 05:38, James A. Donald wrote:
> On 2013-09-10 3:12 AM, Peter Fairbrother wrote:
>> I like to look at it the other way round, retrieving the correct name
>> for a key.
>>
>> You don't give someone your name, you give them an 80-bit key
>> fingerprint. It looks something like m-NN4H-JS7Y-OTRH-GIRN. The m- is
>> common to all, it just says this is one of that sort of hash.
>
> 1.  And they run away screaming.

Sorry, I misspoke: you can of course give them your name, just not your telephone number or email address. You give them the hash instead of those.

> 2.  It only takes 2^50 trials to come up with a valid fingerprint that
> agrees with your fingerprint except at four non-chosen places.


And that will help an attacker how?

To use a hash to contact you Bob has to ask the semi-trusted server to find the hash and then return your matching input string - if he gets it wrong even in one place the server will return a different hash, or no hash at all.

Bob can't use a hash which doesn't match exactly.

Sound too restrictive? But Bob can't use a telephone number or email address which is wrong in one place, never mind four, either.



I was even thinking of using a 60-bit hash fingerprint (with a whole lot of extra work added, to make finding a matching tailored preimage about 2^100 or so total work), so a hash would look like s-NN4H-JS7Y-OTRH but I haven't convinced myself that that would work yet.

Mind you, I haven't ruled it out either. There is a flood attack, but it can be defeated by people paying a dollar to the server when they input a hash.


-- Peter Fairbrother


_______________________________________________
The cryptography mailing list
[email protected]
http://www.metzdowd.com/mailman/listinfo/cryptography
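An added example, not part of the original message or of any code from the list: a sketch of the lookup described in the reply above, in which the client re-hashes whatever the semi-trusted server returns and rejects anything that does not match exactly. The hash (SHA-256 truncated to 80 bits), the base32 grouping, and the names `fingerprint`, `Directory`, `LyingDirectory` and `resolve` are assumptions; the message does not specify them.

```python
import base64
import hashlib

PREFIX = "m-"  # the message's marker for "this sort of hash"


def fingerprint(contact: str) -> str:
    """80-bit fingerprint shaped like m-XXXX-XXXX-XXXX-XXXX.

    Assumption: SHA-256 truncated to 10 bytes and base32-encoded;
    the message does not say which hash or encoding is used.
    """
    digest = hashlib.sha256(contact.encode("utf-8")).digest()[:10]
    b32 = base64.b32encode(digest).decode("ascii")  # 10 bytes -> exactly 16 chars
    return PREFIX + "-".join(b32[i:i + 4] for i in range(0, 16, 4))


class Directory:
    """Hypothetical semi-trusted server: maps fingerprint -> input string."""

    def __init__(self):
        self._entries = {}

    def register(self, contact: str) -> str:
        fp = fingerprint(contact)
        self._entries[fp] = contact
        return fp

    def lookup(self, fp: str):
        return self._entries.get(fp)  # exact match or nothing


class LyingDirectory(Directory):
    """Constructed misbehaving server: answers every query with its own string."""

    def lookup(self, fp: str):
        return "mallory@example.net"


def resolve(server: Directory, fp: str):
    """Client side: fetch the string, then re-hash it before trusting it."""
    contact = server.lookup(fp)
    if contact is None or fingerprint(contact) != fp:
        return None  # unknown hash, or the server's answer does not hash to fp
    return contact
```

Because the client recomputes the fingerprint, the server can refuse to answer but cannot substitute a different contact string without finding a full preimage of the fingerprint.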

