[liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.
Francisco Ruiz
ruiz at iit.edu
Mon Jul 29 13:52:20 PDT 2013
@Tony
On Sun, Jul 28, 2013 at 1:32 PM, Francisco Ruiz <ruiz at iit.edu
<https://mailman.stanford.edu/mailman/listinfo/liberationtech>> wrote:
>* - How do I communicate a password to Bob? Before I "get a crucial bit*>* of information" to Bob, I need to first get a crucial bit of information*>* to Bob?*>**>* Alice should send her Lock (public key) to Bob rather than anything*>* secret.*>**
How? At the very least Alice/Bob need an authenticated/trusted channel for
this.
If Alice sends Bob her "public key" over an untrusted channel, it can be
intercepted by an MitM posing as Bob who can then intercept all traffic
between Alice/Bob
--
Tony Arcieri
Hi Tony, I actually worried about this quite a bit. The best solution I
could think of is making a hashed ID
of the public key (PassLok has a button for that), which Alice/Bob can
dictate over the phone, thus authenticating
the key.
Any other ideas?
Francisco
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130729/a453861d/attachment.html>
More information about the liberationtech
mailing list