[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
20 questions (was Re: Man in the middle attacks)
At 08:49 3/8/96, David P. Kemp <dpkemp@missi.ncsc.mil> wrote:
>> From: cme@cybercash.com (Carl Ellison)
>>
>> Yes! If you've met Bob in person, then you have a body of common knowledge
>> that most likely can be converted to a shared secret. That shared secret,
>> in turn, can be used to verify that there is no eavesdropper. This
>> in-person meeting is the second channel which defeats Eve.
>I'd like to see your proposal for converting wetware shared secrets
>into a cryptographic shared secret, reliably and with more than a
>trivial number of bits.
>
> "Hey Bob, remember that restaurant we went to at the last IETF?
> What was the waitress' name and how many people were at the table?"
>
>What does that get you? About 8 bits of entropy?
about. It takes several such questions/answers to get up to 160 bits
-- in fact, 20, if you're right.
>And what if you remember the waitress as "Lori", but Bob remembers
>her as "Lorrie"?
You permit several spellings. Such options lose you a couple of bits. You
also allow him to make some mistakes. He has to make the right number of
successes to get all those bits.
I'm preparing a real paper on this subject - will send you a copy when it's
available, if you care.
- Carl
+--------------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430 http://www.cybercash.com/ |
|2100 Reston Parkway PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091 Tel: (703) 620-4200 |
+--------------------------------------------------------------------------+