WoT discussions, Trust for Nyms

James A. Donald jamesd at echeque.com
Sat Feb 21 23:14:53 PST 1998


    --
Rick Smith <smith at securecomputing.com> writes:
> > I admit I can't figure out what crypto mechanism Kong is 
> > really using since there's obfuscating talk of 
> > passphrases and secrets.

At 12:06 AM 12/6/97 GMT, Adam Back wrote:
> What James describes on the page is that he is storing the 
> private EC key in a file.  The file is optionally encrypted 
> with a passphrase.

No.

The file, if you have one, is merely a continuation of the  
passphrase.

The secret key is generated on the fly from the passphrase,  
the file, and the name:

In my web page "How Kong Works"  I write:

       To generate our secret key, your computer hashes the  
       passphrase, the secret file, and the name, to generate 
       a big number, a two hundred and forty bit number. That 
       is a number somewhere around 1000 000 000 000 000 000 
       000 000 000 000 000 000 000 000 000 000 000 000 000  
       000 000 000 000 000 

       So the secret generated from your secret key is really 
       a very big number. 

       The public key, which appears in your signature, is an 
       elliptic point, the generator multiplied by that  
       number. This point is represented by the x coordinate 
       of the elliptic point, a 255 bit number, plus a sign  
       bit, represented in base 64 format. 

Rick Smith writes:
> > Since Kong does not use certificates, it is vulnerable to 
> > the Man in the Middle (MIM) attack and indeed to forgery.

Not so.

For example how could a man in the middle pass himself off as 
the author of Crypto Kong?

> > However, I also suspect that the behavior of a long lived 
> > cyberspace identity would make a MIM attack detectable 
> > and/or impractical in the long run.

Exactly so.

Any document is potentially a certificate. 

Commonly you wish to link a document to network reputation, 
rather than a physical person.  For this purpose PGP key 
signing parties are largely irrelevant.   Verisign 
certificates primarily work to link your digital signature to 
your credit rating, and thus, unfortunately, also link your 
digital signature to the number of the beast.

At present there is insufficient internet commerce for a 
credit rating not linked to the number of the beast to be 
useful, though this may change in the future.

> In general John Doe's strategy to avoid being the subject 
> of a MITM attack should be to be unpredictable in the 
> channels he uses for authentication and communication.

John Doe usually wishes to avoid a MITM attack because his 
reputation is valuable.  He fears Malloc will use that 
reputation for Malloc's own purposes.

If John Doe's reputation is valuable, he has emitted many 
communications over a lengthy time.

If these are signed, and each signature contains John Doe's 
public key, Malloc cannot perform a man in the middle attack,
and thus cannot steal John Doe's reputation, or use it for
his own purposes. 

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     KsnYz0T1NR0Dp/XX6Pri0xg59C+MF79KO/GUuXZW
     49sq/p4ywrtYwg1Kl/PsTHBHGYfBfWYLF6pkKH+UU

>
>
>Interlock protocols are another method of complicating the MITM's
>task.  If Joe develops the habit of posting the hash of messages he is
>about to post a day in advance, the MITM must think of something to
>say also, and publish the hash, so that it can publish something a day
>later.
>
>As the MITM's messages now don't match with what Joe said, the MITM
>has to lie some more to keep up the game.  We would like to overload
>the MITM so that his task of lying becomes computationally infeasible.
>
>Adam
>
>
 ---------------------------------------------------------------------
We have the right to defend ourselves and our property, because of 
the kind of animals that we are. True law derives from this right, 
not from the arbitrary power of the state.

http://www.jim.com/jamesd/
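An added worked example, not Kong's code and not anything posted in this thread, showing three things the messages above talk about: the on-the-fly key derivation from passphrase, secret file and name that the quoted "How Kong Works" passage describes (with the public key encoded as x coordinate plus sign bit in base64); the key-continuity check that James's argument relies on when he says each signature carries John Doe's public key; and the publish-the-hash-a-day-early commitment Adam describes. Assumptions made here: secp256k1 stands in for Kong's own 255-bit curve, SHA-256 for its unnamed hash, the parity byte of y for Kong's sign bit, the length-prefixing of the hashed fields is this example's design choice, and all function names and sample inputs are constructed.

```python
import base64
import hashlib

# secp256k1 parameters, standing in for Kong's own 255-bit curve (assumption)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine addition on y^2 = x^3 + 7 over F_P; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # Q + (-Q)
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, point):
    """Double-and-add scalar multiplication (no side-channel hardening)."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result


def derive_secret(passphrase: str, secret_file: bytes, name: str) -> int:
    """Hash passphrase, secret file and name into a 240-bit scalar, as the
    quoted Kong text describes.  Fields are length-prefixed (this example's
    choice) so bytes cannot move between fields without changing the hash."""
    h = hashlib.sha256()
    for field in (passphrase.encode(), secret_file, name.encode()):
        h.update(len(field).to_bytes(4, "big"))
        h.update(field)
    secret = int.from_bytes(h.digest(), "big") >> 16    # keep the top 240 bits
    return secret or 1                                  # zero is not a usable scalar


def public_key(secret: int) -> str:
    """Generator times the secret, encoded as a parity byte (standing in for
    Kong's sign bit) followed by the 32-byte x coordinate, in base64."""
    x, y = ec_mul(secret, G)
    return base64.b64encode(bytes([y & 1]) + x.to_bytes(32, "big")).decode()


def decode_public(encoded: str):
    """Inverse of public_key: returns (parity_bit, x)."""
    raw = base64.b64decode(encoded)
    return raw[0], int.from_bytes(raw[1:], "big")


def commit(message: bytes) -> str:
    """Hash to publish a day before the message itself (Adam's interlock idea):
    a substituted message will not match the hash already on record."""
    return hashlib.sha256(message).hexdigest()


def key_continuity(messages):
    """messages: (name, embedded_public_key) pairs in posting order.
    Returns indexes whose key differs from the key first seen for that name,
    which is the signal a reader would use to notice a substituted key."""
    first_seen = {}
    return [i for i, (name, key) in enumerate(messages)
            if first_seen.setdefault(name, key) != key]


if __name__ == "__main__":
    # Constructed sample inputs, not real Kong users or keys.
    pk = public_key(derive_secret("correct horse battery", b"", "John Doe"))
    print("public key:", pk)
    print("mismatches:", key_continuity([("John Doe", pk), ("John Doe", "AAAA")]))
```

Two things worth noting about the check. Changing any one of passphrase, file or name changes the scalar, so the file really is, as James says, a continuation of the passphrase rather than a stored key. And `key_continuity` only detects a substitution relative to the first key a reader saw under a name; if the man in the middle was present from the very first message, continuity holds for his key instead, which is why the argument in the thread rests on a long history of communications rather than on any single signature.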
