Proposal for P2P Wireless (Bluetooth LE) transfer of Payment URI



Summary:

In this message, the sender suggests trying the RedPhone app, which is called Signal on iPhone. The app is internet-based and end-to-end encrypted, making it a secure way to communicate. The sender explains how the commit protocol works in RedPhone, where the initiator sends a commit message containing a hash of their temporary public ECDH part, the second party sends back their public ECDH part, and then the initiator sends their public ECDH part in the open. All three messages are hashed together, and the first two bytes are used to select two words from a shared dictionary displayed on both screens. The parties communicate the two words and verify they match. This process provides a secure channel for communication.

The sender also discusses using the commit protocol in a Bitcoin payment scenario, where the user's phone broadcasts their name, and the merchant inputs the amount and selects the name from the list. The commit message is sent, and the merchant spells four words they see on the screen, which the buyer confirms after verifying that they match. However, the assumption in this scenario is that there exists a secure, proximity-based communication channel.

The sender also mentions the difficulty of establishing a secure channel over a public network without a verifiable identity associated with the public key. They suggest using a shared secret phrase, but this process is subject to attack over a public channel. The sender proposes bootstrapping a private session over an untrusted network using a trusted public key, but this process is also subject to attack at the certificate authority (CA). Overall, the message emphasizes the importance of secure communication and the challenges involved in achieving it.
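The commit exchange summarized above, as an added example that is not code from the original message or from RedPhone: it derives the two displayed words from the three messages and shows what each side sees when a relay substitutes its own key. SHA-256, the constructed 256-word list, the 32-byte stand-ins for the ECDH public parts, and all function names are assumptions.

```python
import hashlib
import hmac

# Constructed 256-entry word list (16 x 16 syllables), one word per byte value.
_HEAD = ["ba", "co", "di", "fu", "ga", "he", "jo", "ki",
         "lu", "me", "no", "pi", "ra", "so", "tu", "ve"]
_TAIL = ["bin", "dor", "fal", "gus", "hem", "jit", "kon", "lam",
         "mur", "nex", "pol", "rit", "sun", "tov", "vak", "zed"]
WORDS = [h + t for h in _HEAD for t in _TAIL]


def commit(initiator_pub: bytes) -> bytes:
    """Message 1: hash of the initiator's temporary public ECDH part."""
    return hashlib.sha256(initiator_pub).digest()  # SHA-256 is an assumption


def sas_words(commit_msg: bytes, responder_pub: bytes, initiator_pub: bytes):
    """Hash all three messages; the first two bytes select the two words."""
    digest = hashlib.sha256(commit_msg + responder_pub + initiator_pub).digest()
    return WORDS[digest[0]], WORDS[digest[1]]


def responder_check(commit_msg: bytes, responder_pub: bytes, revealed_pub: bytes):
    """Responder side: reject a reveal that does not open the commitment."""
    if not hmac.compare_digest(commit(revealed_pub), commit_msg):
        raise ValueError("revealed public part does not match commit message")
    return sas_words(commit_msg, responder_pub, revealed_pub)


def mitm_views(initiator_pub: bytes, responder_pub: bytes, attacker_pub: bytes):
    """Words each honest party displays when a relay swaps in its own key.

    The relay must commit to attacker_pub before it sees responder_pub, so it
    cannot search for a key that makes both displays agree.
    """
    seen_by_initiator = sas_words(commit(initiator_pub), attacker_pub, initiator_pub)
    seen_by_responder = responder_check(commit(attacker_pub), responder_pub, attacker_pub)
    return seen_by_initiator, seen_by_responder


if __name__ == "__main__":
    alice, bob = b"\x01" * 32, b"\x02" * 32  # constructed stand-ins for ECDH parts
    print("honest:", responder_check(commit(alice), bob, alice))
    print("relayed:", mitm_views(alice, bob, b"\x03" * 32))
```

With two bytes selecting the words, a substituted key produces matching displays by chance only once in 65,536 attempts, which is why the spoken comparison is the step that authenticates the exchange.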


Updated on: 2023-06-09T16:30:54.285775+00:00