[Freedombox-discuss] Tap-to-share PGP key exchange

Subject: [Freedombox-discuss] Tap-to-share PGP key exchange
From: timur.mehrvarz@googlemail.com (Timur Mehrvarz)
Date: Thu, 06 Oct 2011 00:16:43 +0200
Message-id: <[🔎] 4E8CD74B.8080308@googlemail.com>
In-reply-to: <[🔎] CAM-YhhAzfRoSinwJXU9Wo=i4uPOOeAyhSrGAGMYQa4OGn7LMfg@mail.gmail.com>
References: <1316794602.19150.140258146975101@webmail.messagingengine.com> <8762ki69vx.fsf@debian.home> <20110925155424.GR25711@leitl.org> <20110926070306.2349b14c.weaver@riseup.net> <4E80D173.7020907@googlemail.com> <4E8482E9.40109@googlemail.com> <4E849282.4010401@fifthhorseman.net> <4E85AC0A.9020808@googlemail.com> <1317390628.14509.2.camel@blacksword.home> <4E85CDB1.7000305@googlemail.com> <4E85D574.2000504@fifthhorseman.net> <4E85D9FF.30909@googlemail.com> <263ECD56-31B9-4396-AD5D-9B3F99F76D40@prol.etari.at> <4E85EB8B.3090808@fifthhorseman.net> <F31E695A-A6BF-4DC6-BD78-CFB78B1CF2C0@prol.etari.at> <4E85FE31.6000602@fifthhorseman.net> <4E861879.4080303@googlemail.com> <4E8621ED.8000404@fifthhorseman.net> <4E863C65.7090001@googlemail.com> <[🔎] 19C7A952-AF26-43F4-87B8-4F082C82E88C@prol.etari.at> <[🔎] 4E8B2C90.6030203@googlemail.com> <[🔎] 4E8B3681.4010904@fifthhorseman.net> <[🔎] 4E8B707B.1010106@googlemail.com> <[🔎] CAM-YhhAzfRoSinwJXU9Wo=i4uPOOeAyhSrGAGMYQa4OGn7LMfg@mail.gmail.com>

On 04.10.2011 23:02, Nick Daly wrote:
> For Secure Simple Paring, each device would transmit its
> device ID along with the bluetooth key.  If any device sees another
> device send its own ID before the lock is confirmed, it sends a panic
> signal and the paring attempt is canceled.  Worst case scenario with
> MITM attack: no paring is possible.  Much better than an inappropriate
> paring.

10^6 bruteforce against roaming around mobile devices is far more
unlikely to succeed than 10^6 against a fixed line machine.

Plus, when using NFC, there is no discovery phase. The more-than-1-inch
wireless conversation will start "out of the blue" and directly between
the tapped devices, making the business of an attacker really really  hard.

I'm all for implementing a cool assisted optical verification feature.
But this can and should be communicated as "a gimmick for the paranoid"
rather than as a necessity.

Timur

Reply to:

References:
- [Freedombox-discuss] identicons are not strong crypto [was: Re: Tap-to-share PGP key exchange]
  - From: alexs@prol.etari.at (Alex Stapleton)
- [Freedombox-discuss] Tap-to-share PGP key exchange
  - From: timur.mehrvarz@googlemail.com (Timur Mehrvarz)
- [Freedombox-discuss] Tap-to-share PGP key exchange
  - From: dkg@fifthhorseman.net (Daniel Kahn Gillmor)
- [Freedombox-discuss] Tap-to-share PGP key exchange
  - From: timur.mehrvarz@googlemail.com (Timur Mehrvarz)
- [Freedombox-discuss] Tap-to-share PGP key exchange
  - From: nick.m.daly@gmail.com (Nick Daly)

Prev by Date: [Freedombox-discuss] Tap-to-share PGP key exchange
Next by Date: [Freedombox-discuss] Tap-to-share PGP key exchange
Previous by thread: [Freedombox-discuss] Tap-to-share PGP key exchange
Next by thread: [Freedombox-discuss] Tap-to-share PGP key exchange
Index(es):
- Date
- Thread