[cryptography] Security Discussion: Password Based Key Derivation for Elliptic curve Diffie–Hellman key agreement
iang at iang.org
Wed Dec 18 02:35:21 EST 2013
On 17/12/13 21:38 PM, Joseph Birr-Pixton wrote:
> In very general terms, you cannot hope to achieve confidentiality
> without authenticity.
Actually, you can achieve confidentiality, you just can't prove it in

The original poster should not be dissuaded by claims that no MITM
solution makes it worthless. The same trick was done to SSL and look at
where that got us: mass surveillance because it is too hard to deploy
in 100% of circumstances.

Also, look at Greg Rose's post. The bar is very very low because anyone
who wants to MITM a facebook user can also slip in many other approaches.
Doing just enough to force the attacker to go active -- by *any means*
-- is a really good tool.

In the alternate, add some MITM protection as a second generation.
There are some easy, sorta maybe methods like sharing the number over
another channel (phone, SMS, skype). You can much better appreciate
what works for your design once it is up and running, and once your
users start telling you what they can do. This you cannot achieve at
all if you design in some cold-war PKI design from the get-go.
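The two-stage design discussed in this thread, as an added example that is not part of the original post or of any list member's code: an unauthenticated ECDH exchange (which already forces an eavesdropper to go active), followed by the "share the number over another channel" check as a second generation. The X25519 below is a toy, non-constant-time transcription of the RFC 7748 Montgomery ladder written for illustration only; the short-authentication-string format (`fingerprint`, eight decimal digits read out over phone or SMS), the `agree` helper and the session-key derivation are assumptions made here, not anything the thread specifies. Real deployments should use a vetted library for the curve arithmetic.

```python
"""Unauthenticated X25519 key agreement plus an out-of-band fingerprint check.

The curve arithmetic here is a toy transcription of RFC 7748 (not constant
time, written for illustration); the fingerprint scheme is an assumption of
this example, not a standard.
"""
import hashlib
import os

P = 2**255 - 19   # field prime
A24 = 121665      # (486662 - 2) / 4
BASE_U = (9).to_bytes(32, "little")   # standard base point u-coordinate


def _decode_scalar(k: bytes) -> int:
    # Clamp the private scalar as RFC 7748 section 5 requires.
    k = bytearray(k)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def _decode_u(u: bytes) -> int:
    # Ignore the unused top bit of the u-coordinate.
    u = bytearray(u)
    u[31] &= 127
    return int.from_bytes(u, "little")


def x25519(scalar: bytes, u_bytes: bytes) -> bytes:
    """Scalar multiplication on Curve25519 (Montgomery ladder, RFC 7748)."""
    k = _decode_scalar(scalar)
    x1 = _decode_u(u_bytes)
    x2, z2, x3, z3 = 1, 0, x1, 1
    swap = 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:                      # toy: data-dependent branch, not constant time
            x2, x3 = x3, x2
            z2, z3 = z3, z2
        swap = kt
        a = (x2 + z2) % P
        aa = a * a % P
        b = (x2 - z2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = d * a % P
        cb = c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * ((da - cb) ** 2) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3 = x3, x2
        z2, z3 = z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair() -> tuple[bytes, bytes]:
    """Fresh ephemeral key pair: 32 random bytes and the matching public u."""
    priv = os.urandom(32)
    return priv, x25519(priv, BASE_U)


def fingerprint(pub_a: bytes, pub_b: bytes, digits: int = 8) -> str:
    """Short authentication string over both public keys (assumed format).

    The keys are sorted so both parties compute the same string; each party
    reads it out over a second channel and the two must match exactly.
    """
    h = hashlib.sha256(b"ecdh-oob-v1" + b"".join(sorted((pub_a, pub_b)))).digest()
    return str(int.from_bytes(h[:6], "big") % 10**digits).zfill(digits)


def agree(my_priv: bytes, my_pub: bytes, peer_pub: bytes) -> tuple[bytes, str]:
    """Derive a session key from the exchange and the fingerprint to compare.

    Stage one (confidentiality against a passive listener) is the shared
    secret itself; stage two (the out-of-band check) is the fingerprint.
    """
    shared = x25519(my_priv, peer_pub)
    if shared == bytes(32):
        # RFC 7748 section 6.1: an all-zero output means a low-order point.
        raise ValueError("peer public key is a low-order point")
    session_key = hashlib.sha256(b"ecdh-session" + shared).digest()  # assumed KDF
    return session_key, fingerprint(my_pub, peer_pub)


def honest_exchange() -> bool:
    """Both parties see each other's real keys: keys and fingerprints agree."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    ka, fa = agree(a_priv, a_pub, b_pub)
    kb, fb = agree(b_priv, b_pub, a_pub)
    return ka == kb and fa == fb


if __name__ == "__main__":
    print("honest exchange consistent:", honest_exchange())
```

When the two public keys the parties saw are not the same pair (that is, something on the path substituted a key), the two session keys differ and so do the fingerprints, so the phone-call comparison fails even though neither side holds any certificate or long-term key.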