Matthew Toseland wrote:
> You give a friend your IP address, port number, and a one-time password.
> This can be used precisely once. It can however be used by a newbie.

Sounds reasonable, but a public key fingerprint - even a short one - 
would be more secure against eavesdroppers than a password. Regardless 
of whether passwords or fingerprints are used, we have to exchange 
references in both directions if we want mutual authentication.

How short can we make the references? Ideally they should be short 
enough to read out over the phone or paste into IRC without getting 
kicked off the server. The IP address and port are 48 bits, and the 
fingerprint should be at least 32 bits (128 if we want decent security, 
but that would make the reference quite long).

The whole reference could be encoded in base32, which is nearly as 
compact as base64 and easier to read out over the phone. That means a 
reference with a 32 bit fingerprint would be 16 characters including 
address and port - "ghw5 q63y aklt 24t3". A more secure reference with a 
128 bit fingerprint would be 36 characters - "ghw5 q63y aklt 24t3 67ip 
32yt sgqi 24od 5fan". That seems a bit unwieldy to me - what does 
everyone else think? Where should we draw the line between brevity and 
security?

Cheers,
Michael
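
The reference format discussed in this message, as an added example that is not part of the original email or of the project's code. It assumes an IPv4 address, a fingerprint taken as the leading bytes of SHA-256 over the public key, and the lowercase RFC 4648 base32 alphabet; all function names and sample values are hypothetical.

```python
import base64
import hashlib
import hmac
import ipaddress
import struct

def fingerprint(public_key: bytes, fp_bytes: int) -> bytes:
    # Assumption: fingerprint = first fp_bytes of SHA-256(public key bytes).
    return hashlib.sha256(public_key).digest()[:fp_bytes]

def encode_reference(ip: str, port: int, fp: bytes) -> str:
    # 32-bit address + 16-bit port (48 bits) followed by the fingerprint.
    raw = ipaddress.IPv4Address(ip).packed + struct.pack("!H", port) + fp
    text = base64.b32encode(raw).decode("ascii").rstrip("=").lower()
    # Groups of four are easier to read out or paste.
    return " ".join(text[i:i + 4] for i in range(0, len(text), 4))

def decode_reference(ref: str):
    text = "".join(ref.split()).upper()
    text += "=" * (-len(text) % 8)  # restore the padding stripped on encode
    raw = base64.b32decode(text)    # raises binascii.Error on malformed input
    if len(raw) < 7:
        raise ValueError("reference too short to hold address, port and fingerprint")
    ip = str(ipaddress.IPv4Address(raw[:4]))
    (port,) = struct.unpack("!H", raw[4:6])
    return ip, port, raw[6:]

def verify_peer(ref: str, presented_key: bytes) -> bool:
    # Compare the key the peer presents against the fingerprint in the reference,
    # truncated to the same length, in constant time.
    _, _, fp = decode_reference(ref)
    return hmac.compare_digest(fingerprint(presented_key, len(fp)), fp)

if __name__ == "__main__":
    key = b"constructed sample public key bytes"  # constructed sample, not a real key
    for fp_bytes in (4, 16):                      # 32-bit and 128-bit fingerprints
        ref = encode_reference("192.0.2.10", 4000, fingerprint(key, fp_bytes))
        print(fp_bytes * 8, "bit fingerprint:", ref, "->", len(ref.replace(" ", "")), "chars")
        print("  decoded:", decode_reference(ref)[:2], "key matches:", verify_peer(ref, key))
```
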
