by mleonhard
1934 days ago
This is an interesting idea. I see two limitations and I'm curious how they could be overcome:

1. The peers must communicate to decide in advance which intervals to use. If those communications are encrypted with the shared stream using previously exchanged intervals, then the security of each session depends on the previous session. Breaking one session also breaks all future sessions.

2. Attackers can capture and save samples of the random bit stream and test intercepted communications against those samples. They won't get all of the victim communications, but they will get some. Combined with the chaining problem above, this could let them eventually crack all established streams.
|
They can just both do random sampling, and later on only use the overlap. That wastes a lot of bits, but requires no up-front communication.
About 2: obviously you wouldn't just use straight one-time pad, but use the random bits to arrive at a shared key.
With made-up numbers: both parties sample randomly until they have e.g. 10k bits in common, then hash that down to e.g. 256 bits they need for a shared key.
If they use a decent hashing scheme, the only requirement for its security is that they share at least about 256 bits that the attacker has not seen. (It doesn't matter how many common bits the attacker has seen, only how many Eve hasn't seen.)
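The sample-then-hash scheme described in this reply, written out as an added example (not code from either commenter). It assumes a public random bit stream that Alice, Bob and an eavesdropper Eve can each capture only partially; the stream is a constructed, seeded stand-in so the run is reproducible, and the function names (`sample_indices`, `derive_shared_key`, `bits_unseen_by_eve`, `simulate`) and the sampling fractions are the example's own choices. Alice and Bob exchange only the positions they kept, so Eve learns which positions matter but not the bit values she failed to capture; the check at the end is the reply's rule that at least 256 of the common bits must be unseen by Eve.

```python
import hashlib
import random


def make_stream(n_bits, seed):
    """Constructed stand-in for the public random bit stream.

    A seeded PRNG makes the run reproducible; a real deployment would need a
    true random source that nobody can regenerate from a seed.
    """
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(n_bits)]


def sample_indices(n_bits, fraction, rng):
    """Independently keep each stream position with probability `fraction`."""
    return {i for i in range(n_bits) if rng.random() < fraction}


def derive_shared_key(held_bits, common_indices):
    """Hash the bits at the agreed positions (in index order) down to 256 bits.

    `held_bits` maps position -> bit for the positions this party captured;
    only the positions both parties hold are used.
    """
    material = bytes(held_bits[i] for i in sorted(common_indices))
    return hashlib.sha256(material).digest()


def bits_unseen_by_eve(common_indices, eve_indices):
    """Number of agreed positions whose bit Eve did not capture."""
    return len(common_indices - eve_indices)


def simulate(n_bits=200_000, keep_fraction=0.2, eve_fraction=0.3,
             seed=7, min_unseen=256):
    stream = make_stream(n_bits, seed)

    # Each party samples on its own; no up-front coordination of intervals.
    alice_idx = sample_indices(n_bits, keep_fraction, random.Random(seed + 1))
    bob_idx = sample_indices(n_bits, keep_fraction, random.Random(seed + 2))
    eve_idx = sample_indices(n_bits, eve_fraction, random.Random(seed + 3))

    # Each party only ever holds the bits at the positions it captured.
    alice_bits = {i: stream[i] for i in alice_idx}
    bob_bits = {i: stream[i] for i in bob_idx}

    # Positions are exchanged over the public channel; bit values are not.
    common = alice_idx & bob_idx

    key_alice = derive_shared_key(alice_bits, common)
    key_bob = derive_shared_key(bob_bits, common)

    unseen = bits_unseen_by_eve(common, eve_idx)
    return {
        "n_common": len(common),          # roughly n_bits * keep_fraction**2
        "unseen_by_eve": unseen,          # roughly n_common * (1 - eve_fraction)
        "key_alice": key_alice,
        "key_bob": key_bob,
        "enough_unseen": unseen >= min_unseen,
    }


if __name__ == "__main__":
    result = simulate()
    print("common bits:", result["n_common"])
    print("unseen by Eve:", result["unseen_by_eve"])
    print("keys match:", result["key_alice"] == result["key_bob"])
    print("at least 256 unseen bits:", result["enough_unseen"])
```

Two things the run makes visible: the overlap is only about `keep_fraction**2` of the stream, which is the "wastes a lot of bits" cost the reply mentions, and the security margin is the count of common bits Eve lacks, not the total. Raising `eve_fraction` toward 1.0 drives `unseen_by_eve` to zero while the keys still agree, which is exactly the failure the 256-unseen-bits rule is meant to catch.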