[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: [email protected]
- Subject: mental cryptography
- From: [email protected]
- Date: Fri, 13 Oct 1995 15:26:57 -0700
- Comments: This message is NOT from the person listed in the Fromline. It is from an automated software remailing service operating atthat address.THE PORTAL SYSTEM DOES NOT CONDONE OR APPROVE OF THE CONTENTS OF THISPOSTING. Please report problem mail to <[email protected]>.
- Sender: [email protected]
-----BEGIN PGP SIGNED MESSAGE-----
As we know, security is always relative to a threat model. For example, most
cryptographic protocols today will not protect their users against the cloning
attack I described earlier, nor more mundanely, against video surveilence of
your computing space. What can you do if you ARE worried about such attacks?
The answer is doing cryptography in your head. Well not quite, since many
cryptographic operations are very computing intensive, and not everyone can do
1000 bit mental modular exponention in a reasonable amount of time. But if
you have a piece of secure hardware that you can trust to do some of these
operations for you, then all you need is a secure communications channel to
this piece of hardware.
There may be other ways, but I suggest that you establish a common key with
your crypto server ahead of time, and then simply encrypt all your
communications using a symmetric algorithm. RC4 may be a reasonable choice,
since the operations are simple and easy to remember, but you need to keep
track of a 255-byte state. WAKE is probably better. Although it uses a large
key table, you only have to memorize it once, after which the only state that
is changing is four 32-bit registers.
I am sure better algorithms can be found for this purpose if mental
cryptography is made explicit as a design goal. Perhaps it should be?
- the Mad Scientist in the Middle
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----