[messaging] "Short" authentication strings
Tony Arcieri
bascule at gmail.com
Sun Jul 27 10:43:14 PDT 2014
On Sun, Jul 27, 2014 at 4:32 AM, Michael Rogers <michael at briarproject.org>
wrote:
> Is there something about the broadcast channel you're using
> that would make that approach unsuitable?
>
Actually, I'm not sure how a ZRTP-style rendezvous could work in this
scenario.
With ZRTP, we're authenticating a previously untrusted channel. This means
we've already done some sort of key exchange and are seeing the same SAS on
either side.
With a system like Confusion, which is using a mixer, one side publishes a
key exchange message which is authenticated using a passphrase, and the
other side uses that passphrase to determine which message in the firehose
to trust.
So there's a bit of a bootstrapping problem that, AFAICT, ZRTP doesn't
solve well. I mean, you could go message-by-message in the firehose,
comparing SASes until you get a match, but that sounds rather tedious.
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140727/7afd44f8/attachment.html>
More information about the Messaging
mailing list