Freedomphone

Bill Frantz frantz at pwpconsult.com
Thu Nov 20 17:45:20 PST 2003


At 4:40 PM -0800 11/20/03, Ralf-P. Weinmann wrote:
>Hmm.. Does this mean the users have to read off SHA-256 hash values to each
>other after the connection has been established? Oh. Right. It says "Readout
>hash based key authentication" on the left hand side of the spec.

You probably don't have to read all 256 bits.  One way this had been
handled (in the Starium (sp?) phone), is to display a number derived from
the hash.  One person reads the first half of the number, and the other
person reads the second half.  If both halves verify, there is no
man-in-the-middle.  The length of the number determines the security, but
since it is derived from the Diffie-Hellman exchange, neither side can
control its value.  Probably 6 digits is enough.

>... There should be a means to cache credentials after an initial
>trust relationship between communicating parties has been established.

Cache entries would be a way for someone who obtains the phone to be able
to trace your contacts.  (So would an in-phone address book.)  Automatic
authentication also might make it easier to spoof the phone's owner.

Cheers - Bill


-------------------------------------------------------------------------
Bill Frantz        | "There's nothing so clear as a | Periwinkle
(408)356-8506      | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet." -- Dean Tribble     | Los Gatos, CA 95032
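
Added example, not part of the message above and not code from the Freedomphone or Starium projects: a sketch of the readout check it describes, where each side derives a 6-digit number from a SHA-256 hash of the Diffie-Hellman result and each person reads one half aloud. The toy group (P, G), the function names, and reducing the hash modulo 10^6 to get the digits are assumptions of this example; the message does not say how the number was derived.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, for illustration only (an assumption of this
# example; not from the post and not a vetted production group).
P = 2**255 - 19
G = 2

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2          # private exponent in [2, P-2]
    return priv, pow(G, priv, P)

def shared_secret(priv, peer_pub):
    return pow(peer_pub, priv, P).to_bytes(32, "big")

def sas_digits(secret, digits=6):
    """Short decimal string derived from SHA-256 of the DH secret."""
    h = int.from_bytes(hashlib.sha256(secret).digest(), "big")
    return f"{h % 10**digits:0{digits}d}"

def readout_check(my_sas, heard_half, i_read_first):
    """Compare the half the other party read aloud with our own display."""
    mid = len(my_sas) // 2
    expected = my_sas[mid:] if i_read_first else my_sas[:mid]
    return secrets.compare_digest(expected, heard_half)

def simulate_call(intercepted=False):
    """Return (alice_sas, bob_sas, both_halves_verified)."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    if intercepted:
        # A middle party substitutes its own public value in both directions,
        # so Alice and Bob end up holding different secrets.
        _, m_pub = dh_keypair()
        a_sees, b_sees = m_pub, m_pub
    else:
        a_sees, b_sees = b_pub, a_pub
    a_sas = sas_digits(shared_secret(a_priv, a_sees))
    b_sas = sas_digits(shared_secret(b_priv, b_sees))
    mid = len(a_sas) // 2
    # Alice reads the first half aloud; Bob reads the second half.
    bob_ok = readout_check(b_sas, a_sas[:mid], i_read_first=False)
    alice_ok = readout_check(a_sas, b_sas[mid:], i_read_first=True)
    return a_sas, b_sas, alice_ok and bob_ok

if __name__ == "__main__":
    print("direct     :", simulate_call())
    print("intercepted:", simulate_call(intercepted=True))
```

With 6 digits, an intercepted call passes both readouts only if two independent hashes happen to agree modulo 10^6, about one chance in a million per call.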




