[messaging] "Short" authentication strings

Tony Arcieri bascule at gmail.com
Sun Jul 27 10:43:14 PDT 2014

On Sun, Jul 27, 2014 at 4:32 AM, Michael Rogers <michael at briarproject.org>

> Is there something about the broadcast channel you're using
> that would make that approach unsuitable?

Actually, I'm not sure how a ZRTP-style rendezvous could work in this

With ZRTP, we're authenticating a previously untrusted channel. This means
we've already done some sort of key exchange and are seeing the same SAS on
either side.

With a system like Confusion, which is using a mixer, one side publishes a
key exchange message which is authenticated using a passphrase, and the
other side uses that passphrase to determine which message in the firehose
to trust.

So there's a bit of a bootstrapping problem that, AFAICT, ZRTP doesn't
solve well. I mean, you could go message-by-message in the firehose,
comparing SASes until you get a match, but that sounds rather tedious.

Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140727/7afd44f8/attachment.html>

More information about the Messaging mailing list