[2337] in cryptography@c2.net mail archive
RE: GeeK: Re: Rivest's Chaffing and Winnowing
daemon@ATHENA.MIT.EDU (Philicious)
Mon Mar 23 21:29:10 1998
Date: Mon, 23 Mar 1998 21:05:33 -0500 (EST)
From: Philicious <philen@monkey.org>
To: Matt Thomlinson <mattt@microsoft.com>
Cc: Matt Blaze <mab@crypto.com>, Bill Stewart <bill.stewart@pobox.com>,
coderpunks@toad.com, cryptography@c2.net
In-Reply-To: <5CEA8663F24DD111A96100805FFE658705449B54@red-msg-51.dns.microsoft.com>
On Mon, 23 Mar 1998, Matt Thomlinson wrote:
> you miss the point. Just use winnowing chaffing for what it is best at:
> bootstrapping a secure channel from an authenticated one. After that, resume
> normal crypto usage.
>
> Exchanging a 128-bit key (and then assuming your 200x blowup) = 26000 bits/8
> ~= 3kbytes. Large, but not undoable in terms of bootstapping a new channel.
I'm not quite sure what you gain here. If you plan to use public-key
cryptography, why bother encrypting the public key for transmission? After
all, it is public, you just need to verify the sender. Just send an
authenticated, message and you achieve the same thing. Right? So maybe
someone intercepts the public keys, so what? If you are doing it the
secure way, you are going to encrypt your message twice before
transmission, once with her public key and once with your private. Only
the end parties can exchange messages this way. Encrypted and
authenticated traffic given an authenticated channel.
-phil
