[messaging] "Short" authentication strings
bascule at gmail.com
Sun Jul 27 10:43:14 PDT 2014
On Sun, Jul 27, 2014 at 4:32 AM, Michael Rogers <michael at briarproject.org>
> Is there something about the broadcast channel you're using
> that would make that approach unsuitable?
Actually, I'm not sure how a ZRTP-style rendezvous could work in this
With ZRTP, we're authenticating a previously untrusted channel. This means
we've already done some sort of key exchange and are seeing the same SAS on
With a system like Confusion, which is using a mixer, one side publishes a
key exchange message which is authenticated using a passphrase, and the
other side uses that passphrase to determine which message in the firehose
So there's a bit of a bootstrapping problem that, AFAICT, ZRTP doesn't
solve well. I mean, you could go message-by-message in the firehose,
comparing SASes until you get a match, but that sounds rather tedious.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Messaging