monotone-devel

Re: [Monotone-devel] netsync transport encryption?


From: Dirk Hillbrecht
Subject: Re: [Monotone-devel] netsync transport encryption?
Date: Wed, 25 Oct 2006 14:28:56 +0200
User-agent: Thunderbird 1.5.0.7 (X11/20060911)

Hi,

Cem Karan wrote:
> Poking through the Botan sources, I saw that it supports AES all the
> way through 256 bit keys, and there seems to be support for the
> various modes of encryption (CBC, CFB, etc.), so once the session keys
> are set up, the rest should be pretty easy. [...]

The question is what you want: Encryption or authentication. If you want
full-blown authentication, then a public key scheme as outlined is
needed. If you, however, only want an encrypted connection (and
authenticate the remote site by other means), then a simple
Diffie-Hellman key exchange at the beginning would be sufficient for
setting up the symmetric key. Diffie-Hellman allows two parties to
create a secret session key through an unencrypted connection
without any third person being able to steal the key - even if that Eve
listens to the complete data traffic. Pretty slick.

Best regards,
Dirk

-- 
--- Dirk Hillbrecht, cantamen GmbH --- address@hidden
--- Odeonstraße 3, 30159 Hannover, http://www.cantamen.de
--- Tel.: +49/511/5902626-0, Fax: +49/511/5902626-4
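
Added example, not part of the message above or of monotone's code: the Diffie-Hellman exchange it describes, written with Python's standard library rather than Botan, ending in a 256-bit key suitable for AES. The group (RFC 3526 group 14), the HKDF-SHA256 step, the `DHParty` helper and the context label are assumptions; the exchange performs no authentication, which the message leaves to other means.

```python
import hashlib
import hmac
import secrets

# RFC 3526 group 14: 2048-bit MODP prime, generator 2 (group choice is an assumption).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2


class DHParty:
    """One end of the connection (hypothetical helper, not a monotone class)."""

    def __init__(self):
        # Private exponent in [2, P-2]; it never leaves this object.
        self._x = secrets.randbelow(P - 3) + 2
        # Public value: the only thing this side sends, in the clear.
        self.public = pow(G, self._x, P)

    def session_key(self, peer_public: int, context: bytes) -> bytes:
        # Reject degenerate values (0, 1, P-1, out of range) that would
        # force a predictable shared secret.
        if not 2 <= peer_public <= P - 2:
            raise ValueError("invalid peer public value")
        shared = pow(peer_public, self._x, P)
        raw = shared.to_bytes((P.bit_length() + 7) // 8, "big")
        # HKDF-SHA256 (RFC 5869), zero salt, one 32-byte output block.
        prk = hmac.new(b"\x00" * 32, raw, hashlib.sha256).digest()
        return hmac.new(prk, context + b"\x01", hashlib.sha256).digest()


def run_exchange():
    client, server = DHParty(), DHParty()
    # Everything an eavesdropper sees: P, G and these two public values.
    wire = {"client_public": client.public, "server_public": server.public}
    ctx = b"netsync-demo-v1"  # constructed context label
    return (wire, client.session_key(wire["server_public"], ctx),
            server.session_key(wire["client_public"], ctx))


if __name__ == "__main__":
    wire, k_client, k_server = run_exchange()
    print("keys match:", k_client == k_server, "| key bits:", len(k_client) * 8)
```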




