Monkey Wrench into the works

David Jablon dpj at
Wed Aug 27 22:24:19 PDT 1997


Your rebuttal to Myron's message is simplistically
elegant, but just as wrong as the original posting.

It is perfectly fine to secure a relationship using shared
secrets ... in some situations.  You are wrong in implying
that shared secrets don't work anywhere.  Myron is of course
just as wrong in implying that his (or any) shared secret
scheme will replace the many needs for a public-key
infrastructure.  (As the details on his scheme or intended
applications aren't available, I have no further opinion on it.)

"Myron Lewis" <mrlewis at> wrote:
> We invite you and everyone on the list [...] to visit the KeyGen
> webpage, and learn about Automatic Synchronized
> KeyGeneration(TM).  If you think you recognize it as something you have seen
> before, you're close but wrong.
> We are obviously biased, but we feel strongly and so do many others, that
> ASK will solve many of the security problems presently under discussion.  In
> time, it will probably sink Key Management and Certificate Authorities.

On 8/27/97, James A. Donald replied paraphrasing Ben Franklin,
(who really knew very little about cryptography):
>What one man knows, nobody knows.
>What two men know, everyone knows.
>Shared secrets just don't work.

Clearly in many cases parties must share secrets.
You and your bank keep mutual secrets about your money.
You and your doctor keep mutually secret medical data.
It's hardly a burden in many cases to keep a few more
secret bits on a per-user basis, if it can help make
things a lot more secure.

For example, you might look at <>
to see what just a few shared secret bits can really do.
The EKE, SPEKE, and related methods leverage a lowly password
as a strong factor in authentication.

Public-keys and CA's are ideal and necessary for many things,
like mutually anonymous short-lived relations.  The
"one-night-stand" web credit transaction comes to mind.
For long-term relationships, the extra overhead of
additional one-on-one key pre-agreement may often be
insignificant, and I dare say that, in *some* cases,
public-key encryption can be made almost irrelevant.

The best methods of course usually combine these different
paradigms as needed to achieve the most security and

David Jablon
dpj at
