Hello, On Nov 22, 11:23 pm, Outback Dingo <outbackdi...@gmail.com> wrote:

On Tue, Nov 22, 2011 at 8:00 AM, Paul Gardner-Stephen

<p...@servalproject.org> wrote:

...

Seehttp://servalpaul.blogspot.com/2011/11/demonstrating-serval-rhizome-s... for some details, video and cartoon to explain a little of how it works. I am also working on a white paper that describes it in much more detail.

Sounds nice in theory, but what about message security....... if someone elses phone contains the message as a courier device could it not be intercepted and read by a devious user?

I am writing a paper at the moment that describes the solution in more detail, but what we intend to do is use the public key in a Curve25519 auth-crypt cryptosystem that is a recipient's network address on a Serval network to encrypt the message so that only the rightful recipient can decrypt it. Thus we are already planning to do what Breno suggested. Curve25519 is a nice crypto system for this, because it is quite fast, which is good for phones, and it is also very strong with relatively short keys (256 bits), offering something close to RSA2048 in terms of resistance to known attacks. On the down side, it has not been out very long, so we might get exposed by some future vulnerability. If the public key is not known, a fallback that offers deterrent value only is to use the recipient's phone number to generate a hash that is used as the basis of the encryption for the message, so that you need to know the phone number the message is addressed to to receive it. This isn't amazing protection, but it is better than nothing if the public key is not known ahead of time. We will warn users before applying this fall-back scheme that there is basically no security. Paul.

...

-- You received this message because you are subscribed to the Google Groups "village-telco-dev" group. To post to this group, send email to village-telco-dev@googlegroups.com. To unsubscribe from this group, send email to village-telco-dev+unsubscribe@googlegroups.com. For more options, visit this group athttp://groups.google.com/group/village-telco-dev?hl=en.

-- You received this message because you are subscribed to the Google Groups "Serval Project Developers" group. To post to this group, send email to serval-project-developers@googlegroups.com. To unsubscribe from this group, send email to serval-project-developers+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/serval-project-developers?hl=en. ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE