[freenet-dev] What we are really after was Re: Short refs was Re: alternative to #freenet-refs
Michael Rogers
m.rogers at cs.ucl.ac.uk
Fri Nov 16 19:16:04 UTC 2007
Matthew Toseland wrote:
> Invites with a temporary keypair (invite = H(pubkey_temp), IP:port;
> obfuscation key = H(pubkey_temp))

Minor point: obfuscation key = H(nonce + H(pubkey_temp)). Or if you
accept the argument in my other message that we need mutual
authentication, obfuscation key = H(nonce + H(pubkey_temp_R) +
H(pubkey_temp_I)).

> Short noderefs (ref = H(real_pubkey), IP:port; obfuscation key = H(pubkey_R +
> H(pubkey_I)) )

Again, H(nonce + H(pubkey_R) + H(pubkey_I)). But if we're doing a
two-way exchange anyway, is there any advantage to using refs instead of
invites? Should we get rid of refs altogether and just use invites?

> And possibly SRP.
> PRO: We can use easy-to-remember/communicate (low entropy) passphrases, rather
> than 32 bytes (64 hex chars, 43 base64).
> PRO: And it's still secure, provided that we have a limited number of attempts
> per password (so for SRP-based invites we will need IP:port, invite counter,
> passphrase).

Tempting, but not secure - anyone who sees the invite can MITM the
handshake. I think we need to be realistic about user behaviour: most
people don't exchange keys face to face, the most they're likely to do
is use a real-time medium that's easy to eavesdrop but hard to MITM.
The furthest I've ever known someone to go is emailing a public key and
phoning to confirm a few digits of the fingerprint, and that's someone
who makes their living from network security. Most users will just cross
their fingers and email the password if we give them that option.

Cheers,
Michael
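
The key derivations discussed in this message, as an added example that is not part of the original post or Freenet's code. It assumes H is SHA-256, "+" is byte concatenation, a 32-byte nonce sent in the clear with the handshake, and a stand-in XOR keystream for the obfuscation layer; all byte strings and the function names are constructed for illustration.

```python
import hashlib
import os

def H(*parts: bytes) -> bytes:
    # H(a + b + ...): SHA-256 over the concatenation (both are assumptions)
    return hashlib.sha256(b"".join(parts)).digest()

def key_static(h_pub_r: bytes) -> bytes:
    # Quoted proposal: the key is H(pubkey_temp), i.e. the invite itself
    return h_pub_r

def key_mutual(nonce: bytes, h_pub_r: bytes, h_pub_i: bytes) -> bytes:
    # Reply: obfuscation key = H(nonce + H(pubkey_temp_R) + H(pubkey_temp_I))
    return H(nonce, h_pub_r, h_pub_i)

def obfuscate(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): XOR with a SHA-256 counter keystream.
    # Applying it twice with the same key restores the data.
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += H(key, counter.to_bytes(4, "big"))
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def demo() -> dict:
    # Constructed sample values, not real Freenet keys or packets
    pub_r = b"constructed responder temporary public key"
    pub_i = b"constructed initiator temporary public key"
    hello = b"constructed first handshake packet"
    invite_r, invite_i = H(pub_r), H(pub_i)  # invite = H(pubkey_temp)
    n1, n2 = os.urandom(32), os.urandom(32)  # fresh nonce per handshake

    # Each side hashes its own key and uses the invite it received from the peer
    k_initiator = key_mutual(n1, invite_r, H(pub_i))
    k_responder = key_mutual(n1, H(pub_r), invite_i)
    wire1 = obfuscate(k_initiator, hello)
    wire2 = obfuscate(key_mutual(n2, invite_r, invite_i), hello)
    static = obfuscate(key_static(invite_r), hello)
    return {
        "keys_agree": k_initiator == k_responder,
        "responder_recovers": obfuscate(k_responder, wire1) == hello,
        "static_wire_repeats": static == obfuscate(key_static(invite_r), hello),
        "nonce_wire_repeats": wire1 == wire2,
        "other_initiator_same_key":
            key_mutual(n1, invite_r, H(b"constructed other key")) == k_initiator,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With the static key the same first packet produces identical bytes on every handshake; with the nonce the bytes differ each time, and the mutual form yields a different key if either party's temporary key changes.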