[messaging] JackPair
Brian Warner
warner at lothar.com
Wed Aug 27 17:23:20 PDT 2014
On 8/22/14, 5:50 PM, Andy Isaacson wrote:
> It seems a little silly to me too, but I'm encouraged to see new
> innovations in end user security systems, especially when they're not
> trying to do something fundamentally impossible and seem to have a
> reasonable grasp of what's required.
Did anyone else get the sense that their "pairing code" is a truncated
hash of the session key, and thus vulnerable to the MitM forcing the two
session keys to achieve a partial collision of the codes?
Sounds like a job for SAS[1] (Short Authenticated Strings). I haven't
thought through it too far, but I think speaking and verifying an 8
digit code (4 from each side) would reduce the MitM's chance of success
down to 1-in-10k, no matter how much computation they spent trying for
collisions. SAS is unidirectional, so I think both sides have to emit
and compare a code (A->B + B->A), hence the 2x length requirement. But
maybe 1x is enough.
cheers,
-Brian
[1]: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.94.8504
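Worked example added here to illustrate the two designs Brian contrasts; this is constructed code, not JackPair's implementation and not anything from the original post. The key agreement is modelled as key = H(contribution_A, contribution_B), standing in for a Diffie-Hellman exchange where an active attacker controls what each side receives; the "naive" pairing code is a truncated hash of that key, and the SAS variant follows the commit-then-reveal structure of Vaudenay's protocol (the cited paper) in its one-way form, authenticating Alice's message to Bob only. Names (Alice, Bob, naive_mitm, sas_mitm_trial) and the 4-digit code length are assumptions chosen for the example.

```python
"""
Two pairing-code designs side by side (constructed example, not JackPair code):

  1. a "naive" code = truncated hash of the session key, which a MitM can grind
     into a partial collision across its two sessions, and
  2. a commitment-based short authenticated string (SAS) in the style of
     Vaudenay's protocol, where the MitM has to guess the code blind.

Key agreement is modelled as key = H(contribution_A, contribution_B); this
stands in for a Diffie-Hellman exchange in which an active attacker controls
what each side receives.  All names and parameters here are illustrative.
"""
import hashlib
import secrets

DIGITS = 4            # digits each side reads aloud (assumed)
MOD = 10 ** DIGITS


def h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts so field boundaries are unambiguous."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(2, "big"))
        m.update(p)
    return m.digest()


def code(digest: bytes) -> int:
    """Turn a digest into a DIGITS-digit decimal pairing code."""
    return int.from_bytes(digest[:8], "big") % MOD


# --- 1. naive design: code = trunc(H(session key)) --------------------------

def naive_code(contrib_a: bytes, contrib_b: bytes) -> int:
    """Alice passes (her own, what she received); Bob passes (received, own)."""
    session_key = h(b"key", contrib_a, contrib_b)
    return code(h(b"code", session_key))


def naive_mitm(n_a: bytes, n_b: bytes, max_tries: int = 50 * MOD):
    """
    Attacker between Alice (contribution n_a) and Bob (n_b).  It has already
    substituted m_a towards Bob, so Bob's code is fixed; it now grinds m_b,
    the value it will hand Alice, until Alice's code matches Bob's.
    Returns (m_a, m_b, tries) or None if the budget runs out.  Expected cost
    is about MOD hash evaluations, i.e. trivial for a 4-digit code.
    """
    m_a = secrets.token_bytes(16)
    bob_code = naive_code(m_a, n_b)
    for i in range(1, max_tries + 1):
        m_b = i.to_bytes(16, "big")
        if naive_code(n_a, m_b) == bob_code:
            return m_a, m_b, i
    return None


# --- 2. SAS with a commitment (one direction, Alice -> Bob) -----------------

class Alice:
    """Sender: commits to (msg, r_a) before learning r_b, opens afterwards."""
    def __init__(self, msg: bytes):
        self.msg = msg
        self.r_a = secrets.token_bytes(16)
        self.k = secrets.token_bytes(32)   # decommitment key keeps r_a hidden
        self.r_b = None

    def commit(self) -> bytes:
        return h(b"commit", self.msg, self.r_a, self.k)

    def open(self, r_b: bytes):
        self.r_b = r_b
        return self.msg, self.r_a, self.k

    def sas(self) -> int:
        """The short code Alice reads aloud over the voice channel."""
        return code(h(b"sas", self.msg, self.r_a, self.r_b))


class Bob:
    """Receiver: answers the commitment with fresh r_b, verifies the opening."""
    def __init__(self):
        self.r_b = secrets.token_bytes(16)
        self.c = self.msg = self.r_a = None

    def receive_commit(self, c: bytes) -> bytes:
        self.c = c
        return self.r_b

    def receive_open(self, msg: bytes, r_a: bytes, k: bytes) -> None:
        if h(b"commit", msg, r_a, k) != self.c:
            raise ValueError("opening does not match commitment")
        self.msg, self.r_a = msg, r_a

    def sas(self) -> int:
        return code(h(b"sas", self.msg, self.r_a, self.r_b))


def sas_honest_run(msg: bytes) -> bool:
    a, b = Alice(msg), Bob()
    r_b = b.receive_commit(a.commit())
    b.receive_open(*a.open(r_b))
    return a.sas() == b.sas()


def sas_mitm_trial(msg: bytes, forged: bytes) -> bool:
    """One MitM attempt to make Bob accept `forged` in place of `msg`.
    Returns True if the spoken codes would match (attack succeeds)."""
    a, b = Alice(msg), Bob()
    a.commit()                          # seen by the MitM, but opaque to it
    m = Alice(forged)                   # MitM plays "Alice" towards Bob
    r_b = b.receive_commit(m.commit())  # Bob answers the MitM's commitment
    # The MitM can now compute Bob's code, but Alice's code depends on r_a,
    # still hidden in her commitment.  Grinding r_b' is useless: there is no
    # way to evaluate Alice's side, so whatever it sends is a blind guess.
    a.open(secrets.token_bytes(16))     # MitM -> Alice; Alice opens to the MitM
    b.receive_open(*m.open(r_b))        # MitM opens its own commitment to Bob
    return a.sas() == b.sas()


def sas_attack_successes(trials: int) -> int:
    return sum(sas_mitm_trial(b"alice-key", b"mitm-key") for _ in range(trials))


if __name__ == "__main__":
    n_a, n_b = secrets.token_bytes(16), secrets.token_bytes(16)
    _, _, tries = naive_mitm(n_a, n_b)
    print(f"naive code collided after {tries} tries")
    print(f"honest SAS run matches: {sas_honest_run(b'hello')}")
    print(f"SAS MitM successes in 1000 blind trials: {sas_attack_successes(1000)}")
```

The point the simulation makes: with the naive code the attacker's work is bounded by the code length (about 10^4 tries for four digits), whereas in the commitment version the attacker must fix its message to Bob before it can learn anything about Alice's code, so every attempt succeeds with probability 1/10^4 regardless of computation. Bob's message is not authenticated by this one-way run; covering both directions needs a second run or a mutual variant, as the post notes.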