-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 18/09/13 08:23, ianG wrote:
> If I compromise your first shared secret, does that mean every
> shared secret thereafter is compromised?

Yes. (Improvements are possible here, by sending and acking fresh key material inside the encrypted envelopes, but that requires two-way communication, so in the one-way case we'd always be vulnerable to the initial secret being compromised.)

> How do you coordinate between endpoints for the rotation? Is it
> strictly time-based? Or is there some sense of "searching the
> space" by hashing forward multiple rotations until the message
> decrypts?

It's strictly time-based. The rotation period is based on the maximum latency of the communication channel and the maximum difference between the endpoints' clocks, such that if the sender thinks it's rotation period p at the time of sending, the recipient will think it's no earlier than period p-1 and no later than period p+1 at the time of receipt. If the endpoints have very inaccurate clocks, you get longer rotation periods but the protocol still works - as long as the endpoints know roughly how inaccurate their clocks might be.

> Ah, but does it consider the pâté attack? ;)

Is that a type of meat-in-the-middle attack?

Cheers,
Michael

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJSOb2KAAoJEBEET9GfxSfMae8IAMR0HxXQYUwIgJrQ5byQnIdO
/z8frXW4qhBKtyt+zimpS1N0qBxg5hbQKoSYqSsIq/Et80/Lmjivnv/bHrVvfCeI
RX0aFVvZi3BXthuYqr8x/AAbYun9y/jGAz6UoIDyXXA9oljom//e5AqZK3p9o9sg
eWDltbuc4R5QBMEeMvbL7MM5PxrpSEVGfh0KzQZFn/MOCg6pjDuXWnfWWajf1Eg0
FZvaGNKu9DmNU9hxI8MOZePmiTy9S/Bjayp6Syt1cJTKKT9lT8IQJwRb1tERf/Go
DqrdZBUZmsR1CIlzy9eS2XSUD4hyBqfp+Y2hjWanzsA1JWx7XrcDxxy5jTRJ3+c=
=R1L+
-----END PGP SIGNATURE-----
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
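The time-based rotation Michael describes, worked through as an added example that is not part of the thread and not the code of the protocol under discussion. It assumes a period length of maximum latency plus twice the maximum clock error (the bound that keeps the recipient within p-1..p+1 of the sender's period p), a hash-forward key chain so that period p's key is derived from the initial secret by p iterated hashes, and HMAC-SHA256 as the stand-in for whatever the real envelope uses; the recipient, which never sees p on the wire, simply tries its own three candidate periods. The chain also makes the first point of the reply concrete: holding any period's key lets you compute every later one.

```python
"""Illustrative time-based key rotation with a hash-forward chain.

Assumptions (not taken from the thread): period = max_latency + 2 * max_clock_error,
key chain by iterated SHA-256, HMAC-SHA256 as the per-period envelope primitive.
"""
import hashlib
import hmac

TAG_LEN = 32


def rotation_period_length(max_latency: int, max_clock_error: int) -> int:
    """Shortest period (seconds) keeping the recipient within one period of the sender.

    The sender stamps period p from a clock off by up to max_clock_error; the
    recipient reads its own clock up to max_latency later, also off by up to
    max_clock_error.  The two local readings therefore differ by at most
    max_latency + 2 * max_clock_error, so a period at least that long means
    the recipient's period is p-1, p or p+1.
    """
    return max_latency + 2 * max_clock_error


def period_of(local_time: int, period_len: int) -> int:
    return local_time // period_len


def rotate(key: bytes) -> bytes:
    # One-way step from period p's key to period p+1's key.  Irreversible,
    # but anyone holding period p's key can compute all later periods' keys.
    return hashlib.sha256(b"rotate" + key).digest()


def key_for_period(initial_secret: bytes, period: int) -> bytes:
    key = initial_secret
    for _ in range(period):
        key = rotate(key)
    return key


def seal(initial_secret: bytes, sender_local_time: int, period_len: int, payload: bytes) -> bytes:
    """Authenticate payload under the current period's key; the period is not sent."""
    key = key_for_period(initial_secret, period_of(sender_local_time, period_len))
    return hmac.new(key, payload, hashlib.sha256).digest() + payload


def open_envelope(initial_secret: bytes, recipient_local_time: int, period_len: int, message: bytes):
    """Try the recipient's own period and its two neighbours; return (period, payload) or None."""
    tag, payload = message[:TAG_LEN], message[TAG_LEN:]
    q = period_of(recipient_local_time, period_len)
    for candidate in (q - 1, q, q + 1):
        if candidate < 0:
            continue
        expected = hmac.new(key_for_period(initial_secret, candidate), payload, hashlib.sha256).digest()
        if hmac.compare_digest(tag, expected):
            return candidate, payload
    return None


def worst_case_period_gap(max_latency: int, max_clock_error: int, period_len: int) -> int:
    """Exhaustively check how far apart the two endpoints' periods can get (integer seconds)."""
    worst = 0
    base = 100  # keep all local times positive; constructed offset
    for true_send in range(base, base + period_len):
        for sender_err in range(-max_clock_error, max_clock_error + 1):
            for recv_err in range(-max_clock_error, max_clock_error + 1):
                for latency in range(0, max_latency + 1):
                    p_sender = period_of(true_send + sender_err, period_len)
                    p_recv = period_of(true_send + latency + recv_err, period_len)
                    worst = max(worst, abs(p_sender - p_recv))
    return worst


if __name__ == "__main__":
    secret = b"constructed initial shared secret"  # constructed sample
    P = rotation_period_length(max_latency=4, max_clock_error=1)
    msg = seal(secret, sender_local_time=100, period_len=P, payload=b"hello")
    print("period length:", P, "recipient result:", open_envelope(secret, 105, P, msg))
    print("worst gap at P:", worst_case_period_gap(4, 1, P), "at P-1:", worst_case_period_gap(4, 1, P - 1))
```

Shrinking the period below latency plus twice the clock error is exactly where the guarantee breaks: the exhaustive check reports a gap of two periods, and a message can then fall outside the three candidates the recipient tries.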