Hi. I think you're slowly reinventing PGP.
Just to summarize what you have so far:
1. Alice and Bob each generate key pairs locally.
2. Both securely store their private keys.
3. Both generate hash values of their public keys.
4. Both mutually exchange public keys over an untrusted channel.
5. Bot
@Tony
On Sun, Jul 28, 2013 at 1:32 PM, Francisco Ruiz wrote:
> - How do I communicate a password to Bob? Before I "get a crucial bit
> of information" to Bob, I need to first get a crucial bit of information
> to Bob?
>
> Ali
Tony Arcieri writes:
>How? At the very least Alice/Bob need an authenticated/trusted channel
>for this.
>
>If Alice sends Bob her "public key" over an untrusted channel, it can
>be intercepted by an MitM posing as Bob who can then intercept all
>traffic between Alice/Bob
In the real world, one o
Or the Man in the middle can pose as Alice to Bob and Bob would think all
subsequent communication with that person would be going to Alice.
On Sun, Jul 28, 2013 at 5:01 PM, Tony Arcieri wrote:
> On Sun, Jul 28, 2013 at 1:32 PM, Francisco Ruiz wrote:
>
>> - How do I communicate a password to Bo
On Sun, Jul 28, 2013 at 1:32 PM, Francisco Ruiz wrote:
> - How do I communicate a password to Bob? Before I "get a crucial bit
> of information" to Bob, I need to first get a crucial bit of information
> to Bob?
>
> Alice should send her Lock (public key) to Bob rather than anything
> secret.
>
@JulianOliver:
I've thought about having a more polished interface, including multilevel
menus, etc. They've told me all of this would be possible with jquery. But
then PassLok would have to call a (large) piece of outside code, which
would violate the offline rule.
It can probably be done with p
@SteveWeis:
- How do I communicate a password to Bob? Before I "get a crucial bit
of information" to Bob, I need to first get a crucial bit of information to
Bob?
Alice should send her Lock (public key) to Bob rather than anything secret.
- You assumed a keylogger is installed. If I type the pas
..on Fri, Jul 26, 2013 at 03:59:34PM -0500, dd...@nulltxt.se wrote:
> You should use ContentSecurityPolicy to help avoid XSS attacks:
> http://content-security-policy.com/
> https://people.mozilla.com/~bsterne/content-security-policy/
The page appears to be entirely static to me, which I thought w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 26/07/13 21:42, Francisco Ruiz wrote:
> PassLok performs public-key cryptography using the Diffie-Hellman
> key exchange rather than RSA, so you can use whatever secret key
> you want. Hopefully something that is both very hard to guess and
> easy t
Thanks for your excellent feedback, David,
PassLok 1.2 is a perfectly static page. Therefore, I don't believe it is
vulnerable to the standard XSS attack, as CERT says:
"A web page contains both text and HTML markup that is generated by the
server and interpreted by the client browser. Web sites
..on Fri, Jul 26, 2013 at 03:42:02PM -0500, Francisco Ruiz wrote:
> Scenario: you, Alice, realize you're under NSA surveillance. You need to
> get a crucial bit of information to your friend Bob, right away.
> You've been using PGP, but now you suspect the NSA may have installed a bug
> on your mac
If you assume communications are monitored and your machine is
compromised, this has some fundamental flaws:
- How do I communicate a password to Bob? Before I "get a crucial bit
of information" to Bob, I need to first get a crucial bit of information to Bob?
- You assumed a keylogger is installed
On Fri, Jul 26, 2013 at 1:42 PM, Francisco Ruiz wrote:
> Scenario: you, Alice, realize you're under NSA surveillance. You need to
> get a crucial bit of information to your friend Bob, right away.
>
> You've been using PGP, but now you suspect the NSA may have installed a bug
> on your machine. You
You should use ContentSecurityPolicy to help avoid XSS attacks:
http://content-security-policy.com/
https://people.mozilla.com/~bsterne/content-security-policy/
Regards,
David
On Fri, 26 Jul 2013 15:42:02 -0500, Francisco Ruiz wrote:
> Scenario: you, Alice, realize you're under NSA surveilla
Francisco Ruiz writes:
>Scenario: you, Alice, realize you're under NSA surveillance. You need
>to get a crucial bit of information to your friend Bob, right away.
>You've been using PGP, but now you suspect the NSA may have installed
>a bug on your machine. Your keystrokes are being recorded.
>
>W
Scenario: you, Alice, realize you're under NSA surveillance. You need to
get a crucial bit of information to your friend Bob, right away.
You've been using PGP, but now you suspect the NSA may have installed a bug
on your machine. Your keystrokes are being recorded.
What can you do? Use PassLok in