On Tue, 22 Feb 2000, Gavin Robert Brewer wrote:
> Hi all,
> 
> I have started work on an implementation of the Diffie-Hellman public-key
> distribution algorithm, and I am looking for interested hackers who have 
> worked on similar projects.
> [SNIP]
> The hard part is over now, (I think!). The rest would be relatively 
> straightforward, except that I am a little unsure of how to move a small
> program which can encrypt a few text files to something a good deal
> more professional. The end is in sight, but I need support and feedback. 
> 
> Thanks everyone,
>               Gavin R. Brewer.


I will just give you the run down on a project that I have contemplated
throwing together with publicly available code. I think it is quite neat,
but the security of it will have to be analysed by a wider audience.

Brief protocol description using strong prime p, and generator g:

Bob generates public key:

1) chooses a secret passphrase
2) calculates MD5( passphrase ) and pads it repeatedly to get the number
   of bits in p less one.
3) calculates B = g ** md5md5...  mod p , and publishes this as his public key

( note Bob does not have to keep a private key, just remember his
passphrase )

Alice sends message to Bob:
1) Calculates MD5( message ) and pads to p-1 bits.
2) Calculates k = B ** md5md5... mod p
3) encrypts: ( g ** md5md5... mod p (Mk) , RC4( message , k ) )
4) sends message to Bob

Bob reads message:
1) inputs passphrase, and calculates MD5( passphrase )
2) calculates k = Mk ** md5md5.... mod p
3) decrypts message RC4( message , k )
4) verifies passphrase: MD5(message) -> g ** md5md5... mod p == Mk ?

The neat feature of this scheme is that Bob does not have to keep
a private key encrypted, locked away on a disk. But his passphrase
*is* the key.

Furthermore, the scheme does NOT rely on random numbers. This simplifies 
the code a great deal. The DH is seeded by a MD5 hash of the message, the
idea being that in order to guess the seed, you have to know the message,
and if you know the message, you don't need the seed in the first place.
The hash would need a little bit of salt, otherwise the md5sum of the
message needs to be kept as secret as the message itself.

Maybe this has been proposed here earlier, while I was too busy filtering
spam and sketching shapes of gravity vessels.

  frank

This sentence is unique in this respect; it can safely
be attributed to my employer, Funcom Oslo AS.
There is no place like N59 50.558' E010 50.870'. (WGS84)
I enjoy coffee, and support cafe: http://www.eff.org/cafe/
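The exchange Frank describes above, as an added example that is not part of the original posting (neither Frank's nor Gavin's code): Bob's public key derived from a passphrase, Alice's encryption seeded by MD5 of the message, and Bob's decrypt-and-verify, in Python. Assumptions not stated in the posting: the group is the 1024-bit MODP safe prime from RFC 2409 (Oakley group 2) with g = 2; the shared value k is fed to RC4 as a fixed-width big-endian byte string; the repeated MD5 digest is masked down to p's bit length less one; the salt Frank mentions at the end is left out; and the passphrase and message are constructed sample data.

```python
import hashlib

# Added example, not Frank's or Gavin's code: the passphrase-seeded DH scheme
# from the posting written out end to end.  Assumption: the group is the 1024-bit
# MODP safe prime of RFC 2409 (Oakley group 2) with g = 2; the posting only says
# "strong prime p, and generator g".
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
G = 2
EXP_BITS = P.bit_length() - 1          # "the number of bits in p less one"
KEY_BYTES = (P.bit_length() + 7) // 8  # assumption: k becomes an RC4 key of this many big-endian bytes


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin over fixed bases; used to check that p and (p-1)/2 are prime."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n in bases:
        return True
    if n < 2 or any(n % a == 0 for a in bases):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def expand_md5(data: bytes) -> int:
    """MD5 the input and repeat the digest until it fills EXP_BITS bits (the DH exponent)."""
    digest = hashlib.md5(data).digest()
    stream = (digest * (KEY_BYTES // 16 + 1))[:KEY_BYTES]
    return int.from_bytes(stream, "big") & ((1 << EXP_BITS) - 1)


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encryption and decryption are the same call."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def bob_public_key(passphrase: bytes) -> int:
    """Bob step 3: B = g ** md5md5... mod p.  No private key is stored anywhere."""
    return pow(G, expand_md5(passphrase), P)


def alice_encrypt(public_key: int, message: bytes):
    """Alice steps 1-3: the exponent comes from MD5(message), so nothing is random."""
    x = expand_md5(message)
    mk = pow(G, x, P)                  # Mk = g ** x mod p, sent in the clear
    k = pow(public_key, x, P)          # k  = B ** x mod p
    return mk, rc4(k.to_bytes(KEY_BYTES, "big"), message)


def bob_decrypt(passphrase: bytes, mk: int, ciphertext: bytes):
    """Bob steps 1-4: returns the plaintext, or None when g ** md5md5(plaintext) != Mk."""
    k = pow(mk, expand_md5(passphrase), P)   # Mk ** b == g ** (x*b) == B ** x
    plaintext = rc4(k.to_bytes(KEY_BYTES, "big"), ciphertext)
    if pow(G, expand_md5(plaintext), P) != mk:
        return None                    # wrong passphrase or modified ciphertext
    return plaintext


def demo() -> dict:
    """Round trip on constructed sample data; returns the values worth checking."""
    passphrase = b"correct horse battery staple"        # constructed sample
    message = b"Meet me at the gravity vessel at noon."   # constructed sample
    public_key = bob_public_key(passphrase)
    mk, ct = alice_encrypt(public_key, message)
    return {
        "round_trip": bob_decrypt(passphrase, mk, ct),
        "wrong_passphrase": bob_decrypt(b"not the passphrase", mk, ct),
        "deterministic": alice_encrypt(public_key, message) == (mk, ct),
        "ciphertext_hidden": ct != message,
    }
```

demo() runs one round trip. Its "wrong_passphrase" entry exercises Bob's step 4, which rejects a decryption done with the wrong passphrase (or a ciphertext altered in transit) because the recomputed g ** md5md5(plaintext) mod p no longer matches Mk. Its "deterministic" entry shows the property Frank points out: with no random numbers involved, the same message to the same public key always produces the identical (Mk, ciphertext) pair, which is why he says the hash would need some salt. The Miller-Rabin routine is only there to confirm that p and (p-1)/2 are both prime before trusting the hard-coded constant.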
