[Freedombox-discuss] Tap-to-share PGP key exchange
Timur Mehrvarz
timur.mehrvarz at googlemail.com
Wed Oct 5 22:16:43 UTC 2011
On 04.10.2011 23:02, Nick Daly wrote:
> For Secure Simple Paring, each device would transmit its
> device ID along with the bluetooth key. If any device sees another
> device send its own ID before the lock is confirmed, it sends a panic
> signal and the paring attempt is canceled. Worst case scenario with
> MITM attack: no paring is possible. Much better than an inappropriate
> paring.
10^6 bruteforce against roaming around mobile devices is far more
unlikely to succeed than 10^6 against a fixed line machine.
Plus, when using NFC, there is no discovery phase. The more-than-1-inch
wireless conversation will start "out of the blue" and directly between
the tapped devices, making the business of an attacker really really hard.
I'm all for implementing a cool assisted optical verification feature.
But this can and should be communicated as "a gimmick for the paranoid"
rather than as a necessity.
Timur
More information about the Freedombox-discuss
mailing list