5/17 Suppose two people have a common medium and want to contact each
other and want to minimize interception by others (e.g. spy in foreign
country using the newpaper ad for secret communications). What's
the best way to go about this?
\_ Public key/private key encryption. But if you start posting
encrypted messages to the motd, they will be deleted. Can't
you and EE UCLA guy just meet somewhere for drinks?
\_ let's say I give you my public key, and the UCLA guy encodes
his messages to me using my public key and I decode it. How
do I know it's REALLY him since anyone can use my key?
You see the problem with that logic?
\_ also, suppose anyone posts a public key and the UCLA guy
mistakens it and encodes his message. Then he would be
exposed right?
\_ Encode with his private key then your public key.
Isn't this one of the standard textbook security
problems?
\_ BTW, which NT/Unix e-mail programs support public key /
private key across the internet? Thanks.
\_ mutt?
\_ Go back to class. You sign with your private key, which
can be decrypted with your public key. You encode the
whole message with his public key, which can be decrypted
with his private key. Kids today...
\_ I think the previous posters were referring to
receiving messages, not sending. -- yuen
\_ I think ucla ee guy and ucla cs are are really the same guy.
\_ Maybe their name is Norman.
\_ Depends on circumstance. Ideal would be a minimalized ciphertext
"dictionary" which could be memorized. A few code words and you're
done. Of course it would be good for a couple of uses, tops.
\_ PGP/GPG should be ok, though, key exchange is a problem since
you can't trust any keys posted on motd. You might need to contact
the key holder in person to make sure that the posted key
fingerprint indeed belongs to her/him.
\_ or sign up with verisign(those bastards)
\_ what is wrong with signing your own public key and send it
to the receipent?
\_ then the recipient needs to have a -trusted- copy of the
sender's public key in order to verify the signature.
Chicken and egg problem. I'd say that if the two parties
don't agree in advance about the medium of communication
and the public keys, this problem is unsolvable unless these
two guys are -very- creative and smart ..
\_ Too many geeks here. Reread the question. Do you want minimize
the chance of interception, the fact that you are sending a
message, the fact you are sending a secret message, the chance
of someone else decoding the message, or the odds your message
will be delivered accurately? Given your example of two people
communicating via a newspaper, I'd recommend against the PGP
encrypted message dictated to the fat fingers of a desk clerk.
\_ Not to mention the fact that publishing a line of obviously
encoded text is likely to draw attention.
\_ come on guys this is a very classic encryption problem and none
of you morons have a sol'n to this. How pathetic -crypto king
\_ to those people who supposedly have scripts to monitor who writes
what on the motd, do everybody a favor and just reveal who ucla ee
and ucla cs guy are and get it all over with. |
http://csua.com/feed/