Ray Jones (rjones@pobox.com)
01 Sep 1998 15:12:04 +0000

bram <bram@gawth.com> writes:
> On 31 Aug 1998, Ray Jones wrote:
> > Alice and Bob each choose a random salt (Sa and Sb), and trade them.
> > they each compute H(Sa+Sb+Number), where Number is their personal
> > number/fetish/secret, and H is a secure hash.
> >
> > they then take turns sending each other a bit from the result. if the
> > bits match at each step, they can be reasonably sure they started with
> > the same secret. they can iterate with new salt values until they're
> > convinced.
>
> Unfortunately, that can potentially leak information about what either
> party had as a number even if they don't have the same number. I think a
> complete solution must of necessity involve considerably more
> cryptographic trickery.

is this true if the hash is one-way? and/or if the other method i
listed is used (exchange only one bit in each direction, then choose
new salts and repeat)? the salts should use simultaneous exchange, to
keep them independent.

i wonder if the method has been looked at before. does anyone
recognize it?

i looked at AC again last night, and the method listed there is:
1- Alice hashes her secret into a phone number, and calls it.
2- if it's valid, she leaves a message for Bob.
3- if it's not, rehash and repeat.
4- Alice tells Bob how many times she hashed her secret.
5- Bob hashes his secret that many times, calls and asks for any
messages for him.

if the number of possible secrets is small, then both of these methods
fall to dictionary attacks, though in the second case, Bob has to
spend quite a while on the phone.

ray jones
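
The salted-hash bit exchange discussed in this message, together with a count of how many secrets from a small space still fit the bits one side put on the wire, which is the leak bram raises. This is an added example, not code from the thread; SHA-256 as H, 16-byte salts, the four-digit secret space and all function names are assumptions.

```python
import hashlib
import secrets

def digest_bits(sa, sb, number):
    """Bits (MSB first) of H(Sa+Sb+Number); SHA-256 is an assumed choice of H."""
    h = hashlib.sha256(sa + sb + number.encode()).digest()
    return [(byte >> (7 - i)) & 1 for byte in h for i in range(8)]

def exchange(alice_bits, bob_bits, rounds):
    """Take turns: Alice sends even bit positions, Bob sends odd ones.
    The receiver checks each bit against its own digest and stops on a mismatch.
    Returns (matched, transcript) with transcript entries (sender, pos, bit)."""
    transcript = []
    for pos in range(rounds):
        if pos % 2 == 0:
            sender, own, other = "alice", alice_bits, bob_bits
        else:
            sender, own, other = "bob", bob_bits, alice_bits
        transcript.append((sender, pos, own[pos]))
        if own[pos] != other[pos]:
            return False, transcript
    return True, transcript

def consistent_candidates(sa, sb, transcript, sender, space):
    """Secrets in `space` that reproduce every bit `sender` put on the wire.
    The peer can compute this set after the run, matched or not."""
    sent = [(pos, bit) for who, pos, bit in transcript if who == sender]
    survivors = []
    for cand in space:
        bits = digest_bits(sa, sb, cand)
        if all(bits[pos] == bit for pos, bit in sent):
            survivors.append(cand)
    return survivors

def run(alice_secret, bob_secret, space, rounds=32):
    """One protocol run with fresh salts; returns (matched, alice_sent, survivors)."""
    sa, sb = secrets.token_bytes(16), secrets.token_bytes(16)  # traded salts
    matched, transcript = exchange(digest_bits(sa, sb, alice_secret),
                                   digest_bits(sa, sb, bob_secret), rounds)
    alice_sent = sum(1 for who, _, _ in transcript if who == "alice")
    return matched, alice_sent, consistent_candidates(sa, sb, transcript, "alice", space)

if __name__ == "__main__":
    SPACE = ["%04d" % n for n in range(10000)]  # constructed: small secret space
    for bob_secret in ("4711", "1234"):
        matched, sent, left = run("4711", bob_secret, SPACE)
        print(bob_secret, "matched" if matched else "mismatch",
              "alice sent", sent, "bits;", len(left), "of", len(SPACE), "candidates fit")
```

Each bit Alice sends roughly halves the set of candidates that fit, so a run that ends in a mismatch after only a few bits still narrows a small secret space for the other side.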
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:13:58