[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

mental cryptography


As we know, security is always relative to a threat model.  For example, most 
cryptographic protocols today will not protect their users against the cloning 
attack I described earlier, nor more mundanely, against video surveilence of 
your computing space.  What can you do if you ARE worried about such attacks?

The answer is doing cryptography in your head.  Well not quite, since many 
cryptographic operations are very computing intensive, and not everyone can do 
1000 bit mental modular exponention in a reasonable amount of time.  But if 
you have a piece of secure hardware that you can trust to do some of these 
operations for you, then all you need is a secure communications channel to 
this piece of hardware.  

There may be other ways, but I suggest that you establish a common key with 
your crypto server ahead of time, and then simply encrypt all your 
communications using a symmetric algorithm.  RC4 may be a reasonable choice, 
since the operations are simple and easy to remember, but you need to keep 
track of a 255-byte state.  WAKE is probably better.  Although it uses a large 
key table, you only have to memorize it once, after which the only state that 
is changing is four 32-bit registers.

I am sure better algorithms can be found for this purpose if mental 
cryptography is made explicit as a design goal.  Perhaps it should be?

 - the Mad Scientist in the Middle

Version: 2.6.2