RE: GeeK: Re: Rivest's Chaffing and Winnowing

Philicious (philen@monkey.org)
Mon, 23 Mar 1998 21:05:33 -0500 (EST)

• Next message: Hamdi Tounsi: "converting hex strings to decimal digits strings"
• Previous message: Matt Thomlinson: "RE: GeeK: Re: Rivest's Chaffing and Winnowing"

On Mon, 23 Mar 1998, Matt Thomlinson wrote:
> you miss the point. Just use winnowing chaffing for what it is best at:
> bootstrapping a secure channel from an authenticated one. After that, resume
> normal crypto usage.
>
> Exchanging a 128-bit key (and then assuming your 200x blowup) = 26000 bits/8
> ~= 3kbytes. Large, but not undoable in terms of bootstapping a new channel.

I'm not quite sure what you gain here. If you plan to use public-key
cryptography, why bother encrypting the public key for transmission? After
all, it is public, you just need to verify the sender. Just send an
authenticated, message and you achieve the same thing. Right? So maybe
someone intercepts the public keys, so what? If you are doing it the
secure way, you are going to encrypt your message twice before
transmission, once with her public key and once with your private. Only
the end parties can exchange messages this way. Encrypted and
authenticated traffic given an authenticated channel.

        -phil

• Next message: Hamdi Tounsi: "converting hex strings to decimal digits strings"
• Previous message: Matt Thomlinson: "RE: GeeK: Re: Rivest's Chaffing and Winnowing"