[messaging] MITM-safe communication w/o authentication possible?

Michael Rogers michael at briarproject.org
Mon Nov 30 07:29:10 PST 2015

On 30/11/15 15:20, Daniel Kahn Gillmor wrote:
> On Mon 2015-11-30 15:52:35 +0200, Karl wrote:
>> Right.  I imagine the face is generated from the fingerprint of the
>> public key.  Hence copying it would require generating enough keys to
>> find a human-believable collision, as would be equivalently done to
>> fake .onion addresses or pgp key fingerprints.  We're a lot better at
>> remembering and comparing the details of faces than numbers, and we
>> readily associate them with identities.
> We've had quite a bit of discussion in the past about how to generate
> human-memorable fingerprints.  But the challenge isn't in getting people
> to associate the face with the identity.  It's in getting people to
> *distinguish* other plausibly-similar faces from the target face.
> Humans are generally OK at the former (some better than others) and
> often quite terrible at the latter, partly because real-world faces
> actually do change quite a bit (sunburn, nutrition, sleep, hairstyles,
> dirt, food, facial hair, etc).  we're hard-wired to make loose matches
> in this space, which is sort of the opposite of what you'd want from a
> fingerprinting technique where the adversary gets to try a lot of
> options to find a "close match" that breaks fingerprintability.

Depending on the use case, it may be possible to prevent the adversary
from searching for close matches by salting the fingerprints with a salt
that's only known to the user making the comparison, so a close match
from one user's point of view is no closer than random from another
user's point of view.

The question is whether users are comparing fingerprints with other
users, or with some authoritative source, or with their own memories.
Salt will break the first two cases, but not the third.

Anyone want to run an experiment?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x9FC527CC.asc
Type: application/pgp-keys
Size: 1731 bytes
Desc: not available
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20151130/c7bb0416/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20151130/c7bb0416/attachment.sig>

More information about the Messaging mailing list