Ah--I thought that URL was taking you to a QR code. But I'd call a QR code a written note for those purposes, at least if it's a longterm key (which is what he's talking about). But that brings up another point: when did session keys come into existence? Enigma approximated them.
-
-
Replying to @SteveBellovin
Well the difference is that losing a copy of my Signal QR code doesn’t leak my secret key. Just the fingerprints of my public key. So it’s technically not that far off what the principles were looking for.
3 replies 0 retweets 4 likes -
Replying to @matthew_d_green @SteveBellovin
I wonder when session keys were invented. Surely someone in the classical era must have thought of them as a way to foil cryptanalysis!
2 replies 0 retweets 1 like -
Replying to @matthew_d_green
Right--but I can't think of an example before Enigma, and it only changed part of the ground settings to get the actual session key.
1 reply 0 retweets 0 likes -
Replying to @SteveBellovin
I think it’s an interesting question. I just can’t believe *someone* never thought of it? Even for Vigenere that would have been a game changer.
1 reply 0 retweets 2 likes -
Replying to @matthew_d_green @SteveBellovin
The concept falls most naturally out of an architecture with some kind of automated key distribution scheme, whether that's public key crypto or a Kerberos-like central authority. So it seems natural that it came into use fairly late, after computers.
2 replies 0 retweets 2 likes -
Replying to @mattblaze @SteveBellovin
But even without key exchange: the inspiration for per-message session keys was also to thwart cryptanalysis that might be performed due to the repeated use of long-term keys on lots of message material, right?
2 replies 0 retweets 2 likes -
Replying to @matthew_d_green @SteveBellovin
Sure, but if you don't have some kind of automated key distribution mechanism, why not just have a bigger list of shorter-lived keys in your codebook? The motivation comes from being able to automate it.
3 replies 0 retweets 3 likes -
Replying to @mattblaze @SteveBellovin
Because having a bigger key list would make it impossible to memorize a key?
2 replies 0 retweets 0 likes -
Replying to @matthew_d_green @SteveBellovin
I don't think Enigma was intended for memorized keys; certainly the Nazis used codebooks.
2 replies 0 retweets 2 likes
You know who else used codebooks...? Oh, dammit.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.