[855] in cryptography@c2.net mail archive
Re: Tea Leaves: Ephemeral Shared Entropy
daemon@ATHENA.MIT.EDU (Bill Stewart)
Fri May 16 14:18:45 1997
Date: Thu, 15 May 1997 20:31:53 -0700
To: Nick Szabo <szabo@best.com>
From: Bill Stewart <stewarts@ix.netcom.com>
Cc: cryptography@c2.net
In-Reply-To: <199705150142.SAA21862@shell7.ba.best.com>
At 06:42 PM 5/14/97 -0700, Nick Szabo wrote:
>If Alice meets Bob at a party, how many bits of entropy can they
>privately generate to use for future remote communications between them?
>What I'm after is "shared entropy": unguessable numbers known only
>to Alice and Bob.
>With this we can construct an add-on to public key cryptosystems which
>provides forward secrecy and parallel fallback mechanisms for
>confidentiality and authentication.
How many bits of shared secret are you looking for?
Will rolling a few dice do? Pulling Scrabble(tm) tiles out of a bag?
Picking a few words at random out of a dictionary or other book?
(Probably easier to remember "Squeamish Ossifrage" than HHTHTHHHTHTTTH,
though the security of Hash(secret, hash( session_id, secret ))
or 3DES(counter, secret) really depends on the number of bits of entropy
in the secret rather than the alphabet you're representing them in.)
The advantage of public-key cryptosystems is that you don't need
shared secrets; you can share public keys to support future signatures,
and if you want to generate shared secrets, you can use Diffie-Hellman
(with signatures to prevent MITM.) You're also far more secure,
since you can keep the public keys for your correspondents in
less protected storage than you'd need for N secret keys.
(That yellow sticky note on your wall is fine, for instance,
as long as you write in ink and use very good glue :-)
# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
# (If this is a mailing list, please Cc: me on replies. Thanks.)
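Added example (not part of the archived message, and not Bill Stewart's or Nick Szabo's code): a small Python script that does the entropy accounting the reply asks for, counting how many dice rolls, coin flips, Scrabble tiles or dictionary words reach a target number of bits, and implementing the Hash(secret, hash(session_id, secret)) session-key construction quoted above with SHA-256 standing in for Hash. The 7776-word dictionary size and the 26-letter upper bound for Scrabble tiles are constructed assumptions; the message names no particular hash function or word list.

```python
"""Entropy accounting for a shared secret generated in person, plus the
session-key construction mentioned in the reply above.

Everything here is an added illustration. SHA-256 is assumed for "Hash";
the alphabet sizes below are constructed for the example.
"""
import hashlib
import math

# Alphabet sizes for the sources the message mentions. The Scrabble figure
# is an upper bound: the real bag has 100 tiles with an uneven letter
# distribution, and drawing without replacement gives a little less than
# log2(26) bits per tile. The word-list size is a constructed assumption.
SOURCES = {
    "coin flips (H/T)": 2,
    "six-sided dice": 6,
    "Scrabble tiles (26 letters, upper bound)": 26,
    "words from a 7776-word list (assumed size)": 7776,
}


def entropy_bits(alphabet_size: int, count: int) -> float:
    """Bits of entropy in `count` uniformly chosen symbols from an alphabet."""
    return count * math.log2(alphabet_size)


def symbols_needed(alphabet_size: int, target_bits: int) -> int:
    """Smallest number of symbols whose combined entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def keyspace_size(alphabet_size: int, count: int) -> int:
    """Number of possible secrets of this shape: exactly 2**entropy_bits.

    This is the quantity that sets the work factor for an exhaustive search,
    and it does not depend on whether the secret is written as letters,
    words or coin-flip outcomes.
    """
    return alphabet_size ** count


def compare_sources(target_bits: int = 128) -> dict:
    """How many symbols each source needs to deliver `target_bits` of entropy."""
    return {name: symbols_needed(size, target_bits) for name, size in SOURCES.items()}


def derive_session_key(secret: bytes, session_id: bytes) -> bytes:
    """Hash(secret, hash(session_id, secret)), with SHA-256 assumed for Hash.

    The per-session value only binds the key to this session; the secrecy of
    the result is bounded by the entropy of `secret`, whatever its encoding.
    """
    inner = hashlib.sha256(session_id + secret).digest()
    return hashlib.sha256(secret + inner).digest()


if __name__ == "__main__":
    # The 14-flip string from the message versus two random dictionary words.
    flips = "HHTHTHHHTHTTTH"
    print(f"{flips!r}: {entropy_bits(2, len(flips)):.1f} bits, "
          f"keyspace {keyspace_size(2, len(flips))}")
    print(f"two words from an assumed 7776-word list: "
          f"{entropy_bits(7776, 2):.1f} bits, keyspace {keyspace_size(7776, 2)}")
    for name, needed in compare_sources(128).items():
        print(f"128 bits from {name}: {needed} symbols")
    # Constructed secret and session identifier for the derivation demo.
    key = derive_session_key(b"squeamish ossifrage", b"session-0001")
    print("session key:", key.hex())
```

The point the script makes concrete is the one in the reply: two memorable words carry only as many bits as the size of the list they were drawn from allows, and the session-key hash adds no entropy of its own, so the target bit count should be set first and the number of dice, tiles or words chosen to meet it.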