Oskar is of the opinion that we can replace the current session restart
code, which does some PK operations, with something like this:

Alice:
    Token = H(bob's PK XOR my PK + session key)
    Send Token + H(bob's PK + token)
Bob:
    If gets it all right, accept it and send IV
    If gets H(bob's PK + token) right (he sent token, we know our
    own PK), we know he knows our key, so send a hangup byte (and go
    to inbound neg with no known session)
    If gets it all wrong, close the connection

Do you concur? We will need to implement a new session version anyway
for various reasons in the not too distant future, so now is a good time
to do this. Are there any security issues you can see that are present in
this version and not in the original?
--
Matthew Toseland
toad at amphibian.dyndns.org/amphibian at users.sourceforge.net
Full time freenet hacker.
http://freenetproject.org/
Freenet Distribution Node (temporary) at
http://80-192-4-36.cable.ubr09.na.blueyonder.co.uk:8889/nDBm5SExzKo/
ICTHUS.
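
The exchange proposed above, with both sides' messages, as an added example that is not part of the original message or of Freenet's code. Assumptions: H is SHA-256, "+" is byte concatenation, the XOR is taken over the two public keys before the session key is appended, Bob looks the token up in a table of cached sessions, and the hangup byte value is a placeholder.

```python
import hashlib
import hmac

HANGUP = b"\x00"  # placeholder: the message does not give the hangup byte's value
N = hashlib.sha256().digest_size

def H(*parts: bytes) -> bytes:
    # Assumption: H is SHA-256 and "+" means concatenation.
    return hashlib.sha256(b"".join(parts)).digest()

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("public keys must have equal length to XOR")
    return bytes(x ^ y for x, y in zip(a, b))

def alice_restart(alice_pk: bytes, bob_pk: bytes, session_key: bytes) -> bytes:
    # Token = H(bob's PK XOR my PK + session key); send Token + H(bob's PK + token)
    token = H(xor(bob_pk, alice_pk), session_key)
    return token + H(bob_pk, token)

def bob_handle(msg: bytes, bob_pk: bytes, sessions: dict) -> tuple:
    """sessions maps alice_pk -> session_key (assumed cache on Bob's side).
    Returns ("accept", alice_pk), ("hangup", HANGUP) or ("close", None)."""
    if len(msg) != 2 * N:
        return ("close", None)
    token, check = msg[:N], msg[N:]
    # Outer hash only proves the sender knows Bob's PK.
    if not hmac.compare_digest(check, H(bob_pk, token)):
        return ("close", None)
    match = None
    for alice_pk, key in sessions.items():
        # Constant-time compare; scan every entry rather than stopping early.
        if hmac.compare_digest(token, H(xor(bob_pk, alice_pk), key)):
            match = alice_pk
    if match is not None:
        return ("accept", match)   # Bob would now send the IV
    return ("hangup", HANGUP)      # fall back to inbound negotiation

# Constructed sample values, not real keys.
BOB_PK, ALICE_PK, KEY = b"B" * 32, b"A" * 32, b"k" * 16

if __name__ == "__main__":
    msg = alice_restart(ALICE_PK, BOB_PK, KEY)
    print(bob_handle(msg, BOB_PK, {ALICE_PK: KEY})[0])        # known session
    print(bob_handle(msg, BOB_PK, {})[0])                     # session forgotten
    print(bob_handle(msg[:-1] + b"\xff", BOB_PK, {})[0])      # corrupted check
```

Under these assumptions the restart message depends only on the two public keys and the session key, so two restarts of the same session send identical bytes.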