[148498] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

[Cryptography] =?windows-1252?q?Security_Discussion=3A_Password_B?=

daemon@ATHENA.MIT.EDU (SafeChat.IM)
Tue Dec 17 17:14:09 2013

X-Original-To: cryptography@metzdowd.com
From: "SafeChat.IM" <info@safechat.im>
Resent-From: "SafeChat.IM" <info@safechat.im>
Date: Tue, 17 Dec 2013 22:58:26 +0100
Resent-To: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
To: crypto@lists.securityfocus.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com


--===============5710681827519306569==
Content-Type: multipart/alternative; boundary="Apple-Mail=_FD9B018B-D273-40E5-A863-C192B1AE0AE0"


--Apple-Mail=_FD9B018B-D273-40E5-A863-C192B1AE0AE0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252

Dear mailing list,
=20
A friend and me are working on a plugin that enables encryption on top =
of Facebook messaging. The idea is to encrypt messages before they leave =
the chat client, sending only the cipher to Facebook and decrypt the =
message on the receiver client, before it is displayed. The plugin =
automatically realizes which users have it installed and only encrypts =
these chats.
=20
Since the reliability of the cryptographic system is a crucial part of =
the design, I would to discuss the protocol here:
=20
First, we use PBKDF2 to derive a 256 bit data block from a passphrase =
the user chooses and a salt (the username). We advise the user to use a =
long and hard-to-guess passphrase. We use Parvez Anandam=92s JavaScript =
implementation [1].
=20
This data block serves as the private key for a secp256r1 elliptic =
curve. We cannot use a random private key, as we have to be able to =
generate the same private key on different devices of the user. Given =
this private key, and another user=92s public key (exchange through a =
public key server), we calculate the shared key as defined in the =
Elliptic curve Diffie=96Hellman (ECDH) key agreement protocol:
=20
Given Alice=92s private key =91a=92 and the elliptic curve =91G=92 =
(defined by the secp256r1 parameters), Alice=92s public key =91A=92 is =
defined as:
=20
A =3D a*G
(Analogously for Bob: B =3D b*G)
=20
If Alice has her private key =91a=92 and Bob=92s public key B, she can =
calculate the shared key S
=20
S =3D a*B =3D a*b*G
=20
Bob has his private key =91b=92 and Alice=92s public key =91A=92 to =
derive the same secret:
=20
S=92 =3D b*A =3D b*a*G =3D a*b*G =3D S
=20
Tom Wu=92s library [2] is used to implement all ECDH related stuff.
=20
The shared secret together with a random salt is used as a starting =
block to generate a 256bit AES key, which eventually encrypts the =
message. The cipher and the random salt are sent to the other person, so =
that he can reproduce the symmetric key. We use the Gibberish library =
for that purpose [3].
=20
Our process is also depicted here: http://goo.gl/ghzWSl
=20
Do you see a problem with that approach? I am looking forward to =
comments and concerns.
=20
Thanks!
Felix
=20
[1] http://anandam.com/pbkdf2/
[2] http://www-cs-students.stanford.edu/~tjw/jsbn/
[3] https://github.com/mdp/gibberish-aes=

--Apple-Mail=_FD9B018B-D273-40E5-A863-C192B1AE0AE0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=windows-1252

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dwindows-1252"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><meta =
http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dwindows-1252"><div style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><b =
id=3D"docs-internal-guid--7464a69-01b7-5e75-8b73-89673e4e1507"><div =
style=3D"line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt; "><span =
style=3D"font-size: 15px; font-family: Arial; font-weight: normal; =
vertical-align: baseline; white-space: pre-wrap; ">Dear mailing =
list,</span></div><p dir=3D"ltr" style=3D"line-height: 1.15; margin-top: =
0pt; margin-bottom: 0pt; "><span style=3D"font-size: 15px; font-family: =
Arial; font-weight: normal; vertical-align: baseline; white-space: =
pre-wrap; "> </span></p><div style=3D"line-height: 1.15; margin-top: =
0pt; margin-bottom: 0pt; "><span style=3D"font-size: 15px; font-family: =
Arial; font-weight: normal; vertical-align: baseline; white-space: =
pre-wrap; ">A friend and me are working on a plugin that enables =
encryption on top of Facebook messaging. The idea is to encrypt messages =
before they leave the chat client, sending only the cipher to Facebook =
and decrypt the message on the receiver client, before it is displayed. =
The plugin automatically realizes which users have it installed and only =
encrypts these chats.</span></div><p dir=3D"ltr" style=3D"line-height: =
1.15; margin-top: 0pt; margin-bottom: 0pt; "><span style=3D"font-size: =
15px; font-family: Arial; font-weight: normal; vertical-align: baseline; =
white-space: pre-wrap; "> </span></p><div style=3D"line-height: 1.15; =
margin-top: 0pt; margin-bottom: 0pt; "><span style=3D"font-size: 15px; =
font-family: Arial; font-weight: normal; vertical-align: baseline; =
white-space: pre-wrap; ">Since the reliability of the cryptographic =
system is a crucial part of the design, I would to discuss the protocol =
here:</span></div><p dir=3D"ltr" style=3D"line-height: 1.15; margin-top: =
0pt; margin-bottom: 0pt; "><span style=3D"font-size: 15px; font-family: =
Arial; font-weight: normal; vertical-align: baseline; white-space: =
pre-wrap; "> </span></p><div style=3D"line-height: 1.15; margin-top: =
0pt; margin-bottom: 0pt; "><span style=3D"font-size: 15px; font-family: =
Arial; font-weight: normal; vertical-align: baseline; white-space: =
pre-wrap; ">First, we use PBKDF2 to derive a 256 bit data block from a =
passphrase the user chooses and a salt (the username). We advise the =
user to use a long and hard-to-guess passphrase. We use Parvez Anandam=92s=
 JavaScript implementation [1].</span></div><p dir=3D"ltr" =
style=3D"line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt; "><span =
style=3D"font-size: 15px; font-family: Arial; font-weight: normal; =
vertical-align: baseline; white-space: pre-wrap; "> </span></p><div =
style=3D"line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt; "><span =
style=3D"font-size: 15px; font-family: Arial; font-weight: normal; =
vertical-align: baseline; white-space: pre-wrap; ">This data block =
serves as the private key for a secp256r1 elliptic curve. We cannot use =
a random private key, as we have to be able to generate the same private =
key on different devices of the user. Given this private key, and =
another user=92s public key (exchange through a public key server), we =
calculate the shared key as defined in the Elliptic curve Diffie=96Hellman=
 (ECDH) key agreement protocol:</span></div><p dir=3D"ltr" =
style=3D"line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt; "><span =
style=3D"font-size: 15px; font-family: Arial; font-weight: normal; =
vertical-align: baseline; white-space: pre-wrap; "> </span></p><div =
style=3D"line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt; "><span =
style=3D"font-size: 15px; font-family: Arial; font-weight: normal; =
vertical-align: baseline; white-space: pre-wrap; ">Given Alice=92s =
private key =91a=92 and the elliptic curve =91G=92 (defined by the =
secp256r1 parameters), Alice=92s public key =91A=92 is defined =
as:</span></div><p dir=3D"ltr" style=3D"line-height: 1.15; margin-top: =
0pt; margin-bottom: 0pt; "><span style=3D"font-size: 15px; font-family: =
Arial; font-weight: normal; vertical-align: baseline; white-space: =
pre-wrap; "> </span></p><div style=3D"line-height: 1.15; margin-top: =
0pt; margin-bottom: 0pt; "><span style=3D"font-size: 15px; font-family: =
Arial; font-weight: normal; vertical-align: baseline; white-space: =
pre-wrap; ">A =3D a*G</span></div><div style=3D"line-height: 1.15; =
margin-top: 0pt; margin-bottom: 0pt; "><span style=3D"font-size: 15px; =
font-family: Arial; font-weight: normal; vertical-align: baseline; =
white-space: pre-wrap; ">(Analogously for Bob: B =3D b*G)</span></div><p =
dir=3D"ltr" style=3D"line-height: 1.15; margin-top: 0pt; margin-bottom: =
0pt; "><span style=3D"font-size: 15px; font-family: Arial; font-weight: =
normal; vertical-align: baseline; white-space: pre-wrap; "> =
</span></p><div style=3D"line-height: 1.15; margin-top: 0pt; =
margin-bottom: 0pt; "><span style=3D"font-size: 15px; font-family: =
Arial; font-weight: normal; vertical-align: baseline; white-space: =
pre-wrap; ">If Alice has her private key =91a=92 and Bob=92s public key =
B, she can calculate the shared key S</span></div><p dir=3D"ltr" =
style=3D"line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt; "><span =
style=3D"font-size: 15px; font-family: Arial; font-weight: normal; =
vertical-align: baseline; white-space: pre-wrap; "> </span></p><div =
style=3D"line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt; "><span =
style=3D"font-size: 15px; font-family: Arial; font-weight: normal; =
vertical-align: baseline; white-space: pre-wrap; ">S =3D a*B =3D =
a*b*G</span></div><p dir=3D"ltr" style=3D"line-height: 1.15; margin-top: =
0pt; margin-bottom: 0pt; "><span style=3D"font-size: 15px; font-family: =
Arial; font-weight: normal; vertical-align: baseline; white-space: =
pre-wrap; "> </span></p><div style=3D"line-height: 1.15; margin-top: =
0pt; margin-bottom: 0pt; "><span style=3D"font-size: 15px; font-family: =
Arial; font-weight: normal; vertical-align: baseline; white-space: =
pre-wrap; ">Bob has his private key =91b=92 and Alice=92s public key =91A=92=
 to derive the same secret:</span></div><p dir=3D"ltr" =
style=3D"line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt; "><span =
style=3D"font-size: 15px; font-family: Arial; font-weight: normal; =
vertical-align: baseline; white-space: pre-wrap; "> </span></p><div =
style=3D"line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt; "><span =
style=3D"font-size: 15px; font-family: Arial; font-weight: normal; =
vertical-align: baseline; white-space: pre-wrap; ">S=92 =3D b*A =3D =
b*a*G =3D a*b*G =3D S</span></div><p dir=3D"ltr" style=3D"line-height: =
1.15; margin-top: 0pt; margin-bottom: 0pt; "><span style=3D"font-size: =
15px; font-family: Arial; font-weight: normal; vertical-align: baseline; =
white-space: pre-wrap; "> </span></p><div style=3D"line-height: 1.15; =
margin-top: 0pt; margin-bottom: 0pt; "><span style=3D"font-size: 15px; =
font-family: Arial; font-weight: normal; vertical-align: baseline; =
white-space: pre-wrap; ">Tom Wu=92s library [2] is used to implement all =
ECDH related stuff.</span></div><p dir=3D"ltr" style=3D"line-height: =
1.15; margin-top: 0pt; margin-bottom: 0pt; "><span style=3D"font-size: =
15px; font-family: Arial; font-weight: normal; vertical-align: baseline; =
white-space: pre-wrap; "> </span></p><div style=3D"line-height: 1.15; =
margin-top: 0pt; margin-bottom: 0pt; "><span style=3D"font-size: 15px; =
font-family: Arial; font-weight: normal; vertical-align: baseline; =
white-space: pre-wrap; ">The shared secret together with a random salt =
is used as a starting block to generate a 256bit AES key, which =
eventually encrypts the message. The cipher and the random salt are sent =
to the other person, so that he can reproduce the symmetric key. We use =
the Gibberish library for that purpose [3].</span></div><p dir=3D"ltr" =
style=3D"line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt; "><span =
style=3D"font-size: 15px; font-family: Arial; font-weight: normal; =
vertical-align: baseline; white-space: pre-wrap; "> </span></p><div =
style=3D"line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt; "><span =
style=3D"font-size: 15px; font-family: Arial; font-weight: normal; =
vertical-align: baseline; white-space: pre-wrap; ">Our process is also =
depicted here: <a =
href=3D"http://goo.gl/ghzWSl">http://goo.gl/ghzWSl</a></span></div><p =
dir=3D"ltr" style=3D"line-height: 1.15; margin-top: 0pt; margin-bottom: =
0pt; "><span style=3D"font-size: 15px; font-family: Arial; font-weight: =
normal; vertical-align: baseline; white-space: pre-wrap; "> =
</span></p><div style=3D"line-height: 1.15; margin-top: 0pt; =
margin-bottom: 0pt; "><span style=3D"font-size: 15px; font-family: =
Arial; font-weight: normal; vertical-align: baseline; white-space: =
pre-wrap; ">Do you see a problem with that approach? I am looking =
forward to comments and concerns.</span></div><p dir=3D"ltr" =
style=3D"line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt; "><span =
style=3D"font-size: 15px; font-family: Arial; font-weight: normal; =
vertical-align: baseline; white-space: pre-wrap; "> </span></p><div =
style=3D"line-height: 1.15; margin-top: 0pt; margin-bottom: 0pt; "><span =
style=3D"font-size: 15px; font-family: Arial; font-weight: normal; =
vertical-align: baseline; white-space: pre-wrap; =
">Thanks!</span></div><div style=3D"line-height: 1.15; margin-top: 0pt; =
margin-bottom: 0pt; "><span style=3D"font-size: 15px; font-family: =
Arial; font-weight: normal; vertical-align: baseline; white-space: =
pre-wrap; ">Felix</span></div><p dir=3D"ltr" style=3D"line-height: 1.15; =
margin-top: 0pt; margin-bottom: 0pt; "><span style=3D"font-size: 15px; =
font-family: Arial; font-weight: normal; vertical-align: baseline; =
white-space: pre-wrap; "> </span></p><div style=3D"line-height: 1.15; =
margin-top: 0pt; margin-bottom: 0pt; "><span style=3D"font-size: 15px; =
font-family: Arial; font-weight: normal; vertical-align: baseline; =
white-space: pre-wrap; ">[1] <a =
href=3D"http://anandam.com/pbkdf2/">http://anandam.com/pbkdf2/</a></span><=
/div><div style=3D"line-height: 1.15; margin-top: 0pt; margin-bottom: =
0pt; "><span style=3D"font-size: 15px; font-family: Arial; font-weight: =
normal; vertical-align: baseline; white-space: pre-wrap; ">[2] <a =
href=3D"http://www-cs-students.stanford.edu/~tjw/jsbn/">http://www-cs-stud=
ents.stanford.edu/~tjw/jsbn/</a></span></div><span style=3D"font-size: =
15px; font-family: Arial; font-weight: normal; vertical-align: baseline; =
white-space: pre-wrap; ">[3] <a =
href=3D"https://github.com/mdp/gibberish-aes">https://github.com/mdp/gibbe=
rish-aes</a></span></b></div></body></html>=

--Apple-Mail=_FD9B018B-D273-40E5-A863-C192B1AE0AE0--

--===============5710681827519306569==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============5710681827519306569==--
home help back first fref pref prev next nref lref last post