[messaging] "Short" authentication strings
Tony Arcieri
bascule at gmail.com
Tue Jul 8 00:35:38 PDT 2014
On Mon, Jul 7, 2014 at 11:41 PM, Brian Warner <warner at lothar.com> wrote:
> * it sounds like you only care about authenticating the pubkeys, but
> you're actually encrypting them too. You might be able to simplify
> things: instead of xsalsa20, just use a keyed MAC (HMAC-SHA256 or bare
> poly1305 aka "crypto_onetimeauth").
>
The "one weird trick" of my protocol is to launder key exchanges through a
"broadcast" feed containing both encrypted messages and key exchanges, both
padded to the same size (presently targeting ~64kB) and published to all
recipients (ala a remailer)
I'm interested in what happens when you impose this sort of artificial
constraint and whether it can positively impact a protocol's simplicity. It
seems to have worked out for Twitter.
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140708/13ffe978/attachment.html>
More information about the Messaging
mailing list