David Jablon (dpj@world.std.com)
Tue, 01 Sep 1998 23:17:57 -0400
>On 31 Aug 1998, Ray Jones wrote:
>> Alice and Bob each choose a random salt (Sa and Sb), and trade them.
>> they each compute H(Sa+Sb+Number), where Number is their personal
>> number/fetish/secret, and H is a secure hash. [...]
At 12:12 AM 9/1/98 -0700, bram wrote:
>Unfortunately, that can potentially leak information about what either
>party had as a number even if they don't have the same number. [...]
In particular, they need a public-key method to prevent
brute-force attack if Number is from a small space.
In that case, they could use a password-authenticated
Diffie-Hellman trick:
A->B: (g^x)+Number mod p
B->A: (g^y)+Number mod p
A,B: K = g^(x y) mod p
Then Alice and Bob can reveal K to each other without
revealing Number. If they want to flirt, they can slowly
reveal K a little bit at a time.
Details on this and related methods are at ...
<http://world.std.com/~dpj/>
-- David
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:13:58