top | item 44171967

(no title)

doomrobo | 9 months ago

There are middle boxes between the two peers, yes? Routers and such. They observe the encrypted messages. They can brute force the password, even after the session is over.

Even if you assume the PIN is uniformly random (you should not assume this), it is only log2((10+26)^6) ~ 31 bits of entropy. This does not satisfy standard notions of secure channel establishment.

discuss

nenaoki|9 months ago

The pin would just be for coordination, not encryption.

doomrobo|9 months ago

Ah ok. How is the encryption key, if there is one, established then?

avovsya|9 months ago

You're right, thank you for answering!