On Thursday 22 November 2007 00:58, you wrote:
> Matthew Toseland wrote:
> > Well, suppose we did this. 128 bits is 25 characters. We add one character for
> > redundancy (checksum). One advantage is it only needs to be exchanged in one
> > direction. This would seem at the moment to be the simplest option. And we
> > then only need to exchange IP:port in advance.
>
> A couple of minor worries: first, if the initiator doesn't need to prove
> that it knows the responder's ID in the first message (as it currently
> does in JFKi) then port scanning becomes easier.

Obfuscation passwords, distributed with the IP:port.

> Second, if it's
> possible to skip the verification step and just click OK, most people
> will - how do we prevent this?

We require that the password is exchanged in one direction or the other. Pick
a direction based on the last digit of the key hash, have one side show the
key and the other demand it. I don't suppose sending half each way would work?
>
> Cheers,
> Michael
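
The scheme discussed in this message, sketched as an added example that is not part of the original email or of Freenet's code: a 128-bit key hash shown as 25 characters plus one check character, typed in by the other side, with the direction chosen from the hash. The base-36 alphabet, the sum-mod-36 check character, the parity rule for picking the direction, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyz"  # assumed base-36 alphabet


def encode_code(key_hash: bytes) -> str:
    """Encode the first 128 bits of key_hash as 25 base-36 chars + 1 check char."""
    n = int.from_bytes(key_hash[:16], "big")
    digits = []
    for _ in range(25):  # 36**25 > 2**128, so 25 characters always suffice
        n, r = divmod(n, 36)
        digits.append(r)
    digits.reverse()
    check = sum(digits) % 36  # assumed checksum: catches any single mistyped character
    return "".join(ALPHABET[d] for d in digits) + ALPHABET[check]


def verify_code(typed: str, key_hash: bytes) -> str:
    """Return 'ok', 'typo' (malformed or checksum failed) or 'mismatch' (wrong key)."""
    typed = typed.strip().lower()
    if len(typed) != 26 or any(c not in ALPHABET for c in typed):
        return "typo"
    digits = [ALPHABET.index(c) for c in typed]
    if sum(digits[:25]) % 36 != digits[25]:
        return "typo"  # let the user retype instead of reporting a failed verification
    expected = encode_code(key_hash)
    return "ok" if hmac.compare_digest(typed.encode(), expected.encode()) else "mismatch"


def shower(key_hash: bytes) -> str:
    """Assumed rule: even last byte means the initiator shows the code, odd the responder."""
    return "initiator" if key_hash[-1] % 2 == 0 else "responder"


if __name__ == "__main__":
    # Constructed sample: stands in for the hash both sides derive from the handshake keys.
    h = hashlib.sha256(b"constructed sample key").digest()
    code = encode_code(h)
    print(shower(h), "shows", code, "and the other side must type it in")
    print(verify_code(code, h))
```

Because the side that demands the code has no OK button to click, only a field that must match, the verification step cannot be skipped.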
