A nagging question strikes me: If both parties must share the secret winnowing authentication key, how do you transport the key securely without public/private encryption?

Transportation of the encrypting key by insecure channels gives public/private key encryption a practical advantage over shared key methods like one-time pads and this method. If winnowing/chaffing could transport the secret authentication key securely without encryption, it'd be "the bomb", as they say.

The authentication key could be integrated into off-the-shelf products with checksums and signatures for authenticity, but the manufacturer can still tap. Is there a way to transfer the shared secret securely without encryption? If not, cryptofascist legislation would still hurt. Joe Everybody can't use diplomatic pouches.

Mark Hedges
Anonymizer, Inc.

>Chaffing and Winnowing: Confidentiality without Encryption
>
> Ronald L. Rivest
> MIT Lab for Computer Science
> March 21, 1998
> http://theory.lcs.mit.edu/~rivest/chaffing.txt
>
>There is a secret key shared by the sender and the receiver to
>authenticate the origin and contents of each packet---the legitimate
>receiver, knowing the secret authentication key, can determine that a
>packet is authentic by recomputing the MAC and comparing it to the
>received MAC. If the comparison fails, the packet and its MAC are
>automatically discarded.
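
The MAC check described in the quoted passage, as an added Python example that is not part of the original message or of Rivest's text: the sender emits one authentic packet per bit plus a chaff packet with a bogus MAC, and the receiver keeps only packets whose recomputed MAC matches. The one-bit-per-packet layout, the serial numbers, HMAC-SHA256 and the names `mac`, `chaff_stream` and `winnow` are assumptions made for illustration; both sides must already hold the same key.

```python
import hashlib
import hmac
import secrets

MAC_LEN = 32  # HMAC-SHA256 output size in bytes


def mac(key: bytes, serial: int, bit: int) -> bytes:
    """MAC over (serial number, bit); binding the serial stops reordering."""
    msg = serial.to_bytes(8, "big") + bytes([bit])
    return hmac.new(key, msg, hashlib.sha256).digest()


def chaff_stream(key: bytes, data: bytes) -> list:
    """Sender: per bit, one authentic ("wheat") packet and one chaff packet
    carrying the opposite bit with a random, invalid MAC."""
    packets = []
    for i in range(len(data) * 8):
        bit = (data[i // 8] >> (7 - i % 8)) & 1
        pair = [(i, bit, mac(key, i, bit)),
                (i, bit ^ 1, secrets.token_bytes(MAC_LEN))]
        # Randomise order so position does not reveal which packet is wheat.
        if secrets.randbits(1):
            pair.reverse()
        packets.extend(pair)
    return packets


def winnow(key: bytes, packets) -> bytes:
    """Receiver: recompute each MAC, discard packets that fail, rebuild data."""
    bits = {}
    for serial, bit, tag in packets:
        # Constant-time comparison of received MAC against the recomputed one.
        if hmac.compare_digest(tag, mac(key, serial, bit)):
            bits[serial] = bit
    if not bits or sorted(bits) != list(range(len(bits))) or len(bits) % 8:
        raise ValueError("no authentic packets, or some are missing")
    out = bytearray(len(bits) // 8)
    for serial, bit in bits.items():
        out[serial // 8] |= bit << (7 - serial % 8)
    return bytes(out)


if __name__ == "__main__":
    shared_key = secrets.token_bytes(32)  # constructed sample key
    stream = chaff_stream(shared_key, b"hi")
    print(len(stream), "packets ->", winnow(shared_key, stream))
```
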
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:06:44 PDT