[p2p-hackers] P2P Authentication
Matthew Kaufman
matthew at matthew.at
Fri Oct 28 20:57:58 UTC 2005
Alen Peacock:
> Signing alone is insufficient for identity verification due
> to replay attacks. You could use a nonce, but then the
> recipient has to guarantee that no nonce is ever reused,
> which usually reduces either to a massive database lookup
> problem, or a clock synchronization problem -- neither of
> which are easily solvable in an untrusted p2p environment
> (let alone in a trusted network application, where
> suppress-replay attacks are likely still possible).
Actually the only two things that are required to protect against replay are:
1) if A wants to know that B is who he says he is, then A has to choose the nonce that B signs
2) when A chooses the nonce, A needs to choose a nonce that hasn't been used previously with a probability sufficient to make A "certain enough" that B is who he says he is.
The probability in #2 should be of the same order as the certainty that the
signature itself is valid, and since signature collision is the collision
problem for the hash algorithm in use, you can calculate those odds to
determine the number of strongly random bits required for the nonce.
Matthew Kaufman
matthew at matthew.at
www.amicima.com
PS. The important thing is to remember what you're actually protecting
against when you implement cryptographic security... And more important,
that all you're doing is shifting what the easiest attack vector is.
Encrypted P2P VOIP just reduces the market for network sniffers and
increases the market for concealable voice bugs, after all... It doesn't
mean nobody can hear what you're saying.
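The exchange described in the post (A chooses the nonce, B signs it, A sizes the nonce from the signature's collision odds), as an added example that is not part of Matthew Kaufman's message or the p2p-hackers archive. It uses Ed25519 from Go's standard library; the type and function names (Verifier, Challenge, Respond, Verify, MinNonceBits, RunScenario), the 256-bit nonce size and the birthday-bound sizing rule are this example's own assumptions.

```go
// Added example: challenge-response authentication where the verifier A
// picks the nonce and the prover B signs it, so a captured answer cannot
// be replayed against a later challenge.
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// MinNonceBits sizes the nonce from the signature's security level, following
// the post's rule that an accidental nonce reuse should be no likelier than a
// forged signature. With k = 2^log2Challenges challenges issued over the
// verifier's lifetime, the birthday bound puts the reuse probability near
// k^2 / 2^(n+1); requiring that to be at most 2^-securityBits gives
// n >= securityBits + 2*log2Challenges - 1. One extra bit of margin is kept.
func MinNonceBits(securityBits, log2Challenges int) int {
	return securityBits + 2*log2Challenges
}

// NonceBytes is 256 bits: assumed here to cover a ~128-bit signature scheme
// (Ed25519) issuing up to 2^32 challenges, with room to spare.
const NonceBytes = 32

// Verifier plays A. It keeps one outstanding challenge and accepts a signed
// response only for exactly that nonce, exactly once.
type Verifier struct {
	peerKey ed25519.PublicKey // B's long-term public key, learned out of band
	pending []byte            // nonce currently awaiting a response, or nil
}

func NewVerifier(peerKey ed25519.PublicKey) *Verifier {
	return &Verifier{peerKey: peerKey}
}

// Challenge draws a fresh strongly random nonce. A chooses it, never B.
func (v *Verifier) Challenge() ([]byte, error) {
	n := make([]byte, NonceBytes)
	if _, err := rand.Read(n); err != nil {
		return nil, err
	}
	v.pending = n
	return n, nil
}

// Respond plays B: it signs exactly the nonce A sent.
func Respond(priv ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(priv, nonce)
}

// Verify accepts a response only if the nonce is the one A is waiting for
// and the signature over it verifies under B's key. The nonce is then
// retired, so presenting the same response again is refused.
func (v *Verifier) Verify(nonce, sig []byte) error {
	if v.pending == nil {
		return errors.New("no outstanding challenge")
	}
	if !bytes.Equal(nonce, v.pending) {
		return errors.New("nonce does not match the outstanding challenge")
	}
	if !ed25519.Verify(v.peerKey, nonce, sig) {
		return errors.New("signature does not verify under B's key")
	}
	v.pending = nil
	return nil
}

// RunScenario plays one honest round, then re-presents the same response
// (no new challenge), then replays it after A has issued a new challenge.
// Only the honest round should be accepted.
func RunScenario() (honestAccepted, repeatAccepted, replayAccepted bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, false, err
	}
	a := NewVerifier(pub)

	n1, err := a.Challenge()
	if err != nil {
		return false, false, false, err
	}
	sig1 := Respond(priv, n1)
	honestAccepted = a.Verify(n1, sig1) == nil

	// Same (nonce, signature) shown again: the nonce has been retired.
	repeatAccepted = a.Verify(n1, sig1) == nil

	// A now issues a fresh challenge; the recorded answer is for n1, not n2.
	if _, err = a.Challenge(); err != nil {
		return false, false, false, err
	}
	replayAccepted = a.Verify(n1, sig1) == nil
	return honestAccepted, repeatAccepted, replayAccepted, nil
}

func main() {
	honest, repeat, replay, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("honest=%v repeat=%v replay=%v minNonceBits(128,2^32)=%d\n",
		honest, repeat, replay, MinNonceBits(128, 32))
}
```

The order of checks in Verify matters for the post's point: the nonce comparison comes first, so a stale or attacker-chosen nonce is rejected before any signature work, and the outstanding nonce is cleared on success so the verifier never needs a database of past nonces or a synchronized clock, only its one pending value.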