[serval-project-dev] Re: We have store-and-forward SMS working on the mesh
Paul Gardner-Stephen
paul.gardner.stephen at gmail.com
Thu Nov 24 02:38:29 PST 2011
Hello,
On Nov 22, 11:23 pm, Outback Dingo <outbackdi... at gmail.com> wrote:
> On Tue, Nov 22, 2011 at 8:00 AM, Paul Gardner-Stephen
>
> <p... at servalproject.org> wrote:
> > Seehttp://servalpaul.blogspot.com/2011/11/demonstrating-serval-rhizome-s...
> > for some details, video and cartoon to explain a little of how it
> > works. I am also working on a white paper that describes it in much
> > more detail.
>
> Sounds nice in theory, but what about message security....... if
> someone elses phone contains the message as a courier device
> could it not be intercepted and read by a devious user?
I am writing a paper at the moment that describes the solution in more
detail, but what we intend to do is use the public key in a Curve25519
auth-crypt cryptosystem that is a recipient's network address on a
Serval network to encrypt the message so that only the rightful
recipient can decrypt it.
Thus we are already planning to do what Breno suggested. Curve25519 is
a nice crypto system for this, because it is quite fast, which is good
for phones, and it is also very strong with relatively short keys (256
bits), offering something close to RSA2048 in terms of resistance to
known attacks. On the down side, it has not been out very long, so we
might get exposed by some future vulnerability.
If the public key is not known, a fallback that offers deterrent value
only is to use the recipient's phone number to generate a hash that is
used as the basis of the encryption for the message, so that you need
to know the phone number the message is addressed to to receive it.
This isn't amazing protection, but it is better than nothing if the
public key is not known ahead of time. We will warn users before
applying this fall-back scheme that there is basically no security.
Paul.
>
> > --
> > You received this message because you are subscribed to the Google Groups "village-telco-dev" group.
> > To post to this group, send email to village-telco-dev at googlegroups.com.
> > To unsubscribe from this group, send email to village-telco-dev+unsubscribe at googlegroups.com.
> > For more options, visit this group athttp://groups.google.com/group/village-telco-dev?hl=en.
--
You received this message because you are subscribed to the Google Groups "Serval Project Developers" group.
To post to this group, send email to serval-project-developers at googlegroups.com.
To unsubscribe from this group, send email to serval-project-developers+unsubscribe at googlegroups.com.
For more options, visit this group at http://groups.google.com/group/serval-project-developers?hl=en.
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
More information about the cypherpunks-legacy
mailing list