-- Rick Smith <smith@securecomputing.com> writes:
I admit I can't figure out what crypto mechanism Kong is really using since there's obfuscating talk of passphrases and secrets.
At 12:06 AM 12/6/97 GMT, Adam Back wrote:
What James describes on the page is that he is storing the private EC key in a file. The file is optionally encrypted with a passphrase.
No. The file, if you have one, is merely a continuation of the passphrase. The secret key is generated on the fly from the passphrase, the file, and the name:

In my web page "How Kong Works" I write:

To generate our secret key, your computer hashes the passphrase, the secret file, and the name, to generate a big number, a two hundred and forty bit number. That is a number somewhere around 1000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000

So the secret generated from your secret key is really a very big number. The public key, which appears in your signature, is an elliptic point, the generator multiplied by that number. This point is represented by the x coordinate of the elliptic point, a 255 bit number, plus a sign bit, represented in base 64 format.

Rick Smith
Since Kong does not use certificates, it is vulnerable to the Man in the Middle (MIM) attack and indeed to forgery.
Not so. For example how could a man in the middle pass himself off as the author of Crypto Kong?
However, I also suspect that the behavior of a long lived cyberspace identity would make a MIM attack detectable and/or impractical in the long run.
Exactly so. Any document is potentially a certificate. Commonly you wish to link a document to network reputation, rather than a physical person. For this purpose PGP key signing parties are largely irrelevant. Verisign certificates primarily work to link your digital signature to your credit rating, and thus, unfortunately, also link your digital signature to the number of the beast. At present there is insufficient internet commerce for a credit rating not linked to the number of the beast to be useful, though this may change in the future.
In general John Doe's strategy to avoid being the subject of a MITM attack should be to be unpredictable in the channels he uses for authentication and communication.
John Doe usually wishes to avoid a MITM attack because his reputation is valuable. He fears Malloc will use that reputation for Malloc's own purposes. If John Doe's reputation is valuable, he has emitted many communications over a lengthy time. If these are signed, and each signature contains John Doe's public key, Malloc cannot perform a man in the middle attack, and thus cannot steal John Doe's reputation, or use it for his own purposes.

--digsig James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
KsnYz0T1NR0Dp/XX6Pri0xg59C+MF79KO/GUuXZW
49sq/p4ywrtYwg1Kl/PsTHBHGYfBfWYLF6pkKH+UU
Interlock protocols are another method of complicating the MITM's task. If Joe develops the habit of posting the hash of messages he is about to post a day in advance, the MITM must think of something to say also, and publish the hash, so that it can publish something a day later.
As the MITM's messages now don't match with what Joe said, the MITM has to lie some more to keep up the game. We would like to overload the MITM so that his task of lying becomes computationally infeasible.
Adam
---------------------------------------------------------------------
We have the right to defend ourselves and our property, because of the kind of animals that we are. True law derives from this right, not from the arbitrary power of the state.
http://www.jim.com/jamesd/
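
An added illustration of the hash-ahead habit described in the thread above (not part of the original messages, and not Kong's code): a reader-side check that every message seen under a name was preceded by its hash at least a day earlier. SHA-256, the feed format, and all names and sample data are assumptions made for this example.

```python
import hashlib
from datetime import datetime, timedelta

DELAY = timedelta(days=1)  # "a day in advance", as in the message above

def commit(message: bytes) -> str:
    """Hash to publish ahead of the message (SHA-256 is an assumption)."""
    return hashlib.sha256(message).hexdigest()

def audit(feed):
    """Check a time-ordered feed seen under one name.

    Entries are ("hash", time, hexdigest) or ("msg", time, bytes).
    Returns (findings, orphans): messages that break the hash-ahead habit,
    and times of hashes that no message ever matched.
    """
    pending = {}  # digest -> time its commitment was first seen
    findings = []
    for kind, when, body in feed:
        if kind == "hash":
            pending.setdefault(body, when)
            continue
        seen = pending.pop(commit(body), None)
        if seen is None:
            findings.append((when, "no prior commitment"))
        elif when - seen < DELAY:
            findings.append((when, "commitment too recent"))
    return findings, sorted(pending.values())

# Constructed sample data (not from the thread).
T0 = datetime(1997, 12, 1, 12, 0)
JOE_MSG = b"Notes on the key format will follow tomorrow."
SWAPPED = b"Ignore my earlier posts."
HONEST_FEED = [("hash", T0, commit(JOE_MSG)), ("msg", T0 + DELAY, JOE_MSG)]
# Reader's view when the hash passed through but the message was replaced.
TAMPERED_FEED = [("hash", T0, commit(JOE_MSG)), ("msg", T0 + DELAY, SWAPPED)]
# Hash and message arriving together defeats the point of committing ahead.
RUSHED_FEED = [("hash", T0, commit(JOE_MSG)), ("msg", T0, JOE_MSG)]

if __name__ == "__main__":
    for name, feed in [("honest", HONEST_FEED), ("tampered", TAMPERED_FEED),
                       ("rushed", RUSHED_FEED)]:
        print(name, audit(feed))
```

A party that replaces both the hash and the message passes this check, but only by committing to the replacement a day before seeing what Joe actually posts, which is the burden the message describes.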