Score:0

Which solution is the more protected?

in flag

I am wondering which of these two solutions is better for security on the long run. The problem is:

Alice and Bob exchange a secret key/private key. Then they go far away from each other and never have the opportunity to exchange a private key again. They will use the private key to exchange messages intensively (let's say 1 per 20 minutes for years).

Which option is the best secured?

  • Just let the private key as it is, for all the time, with the risk that a brute force attack succeds at some time: example: the private key is 1234
  • Regularly change with a pre-set manner the private key, using today's date: example: 107212320422 on 07/12/2022, 108212320422 on 08/12/2022: thus the keychanges reguarly so brute force attacks could not work, but is the part that is still the same (the 1xx2xx3xx4 template) a vulnerability?

Of course, I am also interested in a better solution than those two :)

kelalaka avatar
in flag
There is WPA-PSK protocol that you might be interested.
Score:0
si flag

The classic One Time Pad is actually viable for such a scenario. If they can keep it safe, and ensure they never re-use any part of it, they could just exchange 8TB hard drives full of pad material. With one pad per direction, if messages are 10kiB, that gives them 29 years worth of pad material. They'd have to occasionally copy the pad material to new drives, and would likely need some redundancy in practice, and would have to securely destroy the old drives as they wear out (a shredder is best), but it's perfectly secure otherwise.

The "meet once, exchange data, then never have a trusted channel again" scenario is exactly what One-Time pads are useful for. It's also why they're so rare in real use, because that's a very rare scenario.

totalMongot avatar
in flag
Thank you for the answer but that does not fit my need, since they don't plan to meet again
SAI Peregrinus avatar
si flag
That's the point of the OTP. If 29 years of 10kiB messages isn't enough, use bigger pads.
totalMongot avatar
in flag
Yes I understand but I would like to find a solution to generate the key instead of stocking it somewhere before
SAI Peregrinus avatar
si flag
The "never exchange keys again" is the hard part. It's quite easy to use something like the Signal protocol to get a good forward-secure key ratchet, but as stated the puzzle is much more difficult. Real-world protocols tend not to have such a restriction on the contents of communications.
totalMongot avatar
in flag
What is the signal protocol?
SAI Peregrinus avatar
si flag
https://en.wikipedia.org/wiki/Signal_Protocol and https://signal.org/docs/
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.