On Thu, Mar 20, 2014 at 11:35 AM, Ben Laurie <[email protected]> wrote:
> On 20 March 2014 07:11, Trevor Perrin <[email protected]> wrote:
> >
> > (Context for this discussion:
> >
> > https://moderncrypto.org/mail-archive/messaging/2014/000086.html
> > https://moderncrypto.org/mail-archive/messaging/2014/000113.html
> [...]
>
>
> FWIW, here's a thing I did years ago:
>
> http://www.apache-ssl.org/apres.pdf

Nice!, definitely anticipates some of the Pond / PANDA stuff.

Like PANDA, Apres authenticates an online rendezvous with an "introduction secret" agreed between users:

"""
One protocol [...] would be for each person to choose two words. Both people then remember (or write down) all four words. Assuming people make some effort to choose from a wide vocabulary, we could safely assume around 12 bits of entropy in each word, giving a total entropy of 48 bits.
"""

Watson and I are discussing a different approach: have users exchange ECDH keys or fingerprints instead of exchanging introduction secrets directly. Then calculate the "introduction secret" via ECDH.

These ECDH public values could be static and nonsecret, so should be easier to deal with (could be printed on a business card, corroborated with online lookup, etc.)

Trevor
_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
