Re: Suggestions For The Passing of Passphrases
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


sci.crypt archive

Re: Suggestions For The Passing of Passphrases

From: Alan <a__l__a__n@hotmail.com>
Date: Thu Jun 09 2005 - 19:15:27 CEST



"nemo_outis wrote:


> Additionally, one may surmise that "know each other well" implies they


> recognize each other's voices and could exchange public keys, say, over


> the phone (call it low-grade implicit authentication) with little fear of


> MITM problems (voice impersonation/spoofing, say).



Well, the OP did say:


> Persons A or B are under communication surveillance, that is, telephone,


email, postal mail, etc.



So I excluded phone as a side channel. I got the impression that he wanted a


protocol that required no side channel.



> However, Ari morphed the problem in subsequent posts to involve (in some


sense) stego.



IMO that's just another side channel.  If  A and B are under communication


surveillance, it should be assumed that anything they communicate would be


examined for stego messages.  When the enemy suspects a stego message is


present in a communication, stego has already failed.  It is quite likely he


will find the message.



Alan


Received on Thu Sep 29 21:42:17 2005