On Tue, 2016-02-09 at 16:46 +0100, Mike Hearn wrote: > 3) If you imagine a mix network for routing of small binary messages, > is saltpack an appropriate format to use for protecting the messages > in your estimation? Or are there gotchas that its replacement-for-pgp > design would create for the case of pure machine-to-machine > messaging?
It's almost certainly not suitable for a mixnet. Mixnets are too sensitive to metadata leakage, so everything should be specially designed for their purposes. Almost any general purpose format leaks some metadata, like by the message growing smaller during unpacking. In fact, you want a provably secure mixnet format like Sphinx. I think these invariably involve both large-block cyphers like Lionness, AEZ, HHFFHFHH (sp?), etc. *without* MACs for the body, and maybe stream cyphers with MACs for the header. There are specific situations like protecting the final message contents from the last hop where anything goes, but the mixnet itself is extremely restrictive. Jeff
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
