Anonymous Key Exchange


An anonymous key exchange procedure occurs whenever either the sender or receiver of information is not specified with a known key.

Every user has an "anonymous" PGP keypair which can change frequently, and which is never shared via keyservers, etc.

These "anonymous" keys reveal nothing about the user and so are safe to broadcast in plain text.

 

The following basic procedure is used when the recipient of a communique is specified as Anonymous:

 

1. Assume that person A wants to send a message to an unknown person B.
2. The sender (A) asks the intended recipient (B) for the hex ID of the recipient's anonymous key.
3. (B) sends the hex ID of their anonymous key to (A); this is a very short value that takes up minimal bandwidth.
4. (A) receives the hex ID from (B) and checks whether (B)'s anonymous public key is already in their keyring from a prior conversation.
5. If not, (A) asks (B) to send (B)'s public key in plain text, which (B) does automatically (unless (B)'s options forbid it).
6. (A) now encrypts the message to (B)'s public key and sends it.

 

Risks:

 

When you send a message to an anonymous person, a man-in-the-middle attack could theoretically intercept (B)'s public key, replace it with the attacker's own, and pass that key to (A).

Unless (A) signs his message with a key known to (B), (B) cannot be sure who is the originator of the message, and a man-in-the-middle attack could be used to impersonate (A).

Man-in-the-middle attacks would require fairly sophisticated manipulation by someone with access to the communication lines on IRC (either at the BNC, server, or ISP), but they remain a possibility.  For maximum security, users should exchange Permanent keys through external means (email, etc.), and use these keys when conversing.
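
The procedure and its risk, seen from (A)'s side, as an added example that is not code from this page or the project. It assumes the fingerprint is SHA-256 of placeholder key bytes and the hex ID is its last 16 hex digits; all names are hypothetical. A key that is consistently substituted in transit passes the in-band ID check, so only a fingerprint obtained through external means detects it.

```python
import hashlib
import hmac

def fingerprint(pubkey: bytes) -> str:
    # Stand-in for a PGP fingerprint: SHA-256 of the raw key bytes (assumption).
    return hashlib.sha256(pubkey).hexdigest()

def hex_id(pubkey: bytes) -> str:
    # Short hex ID: the last 16 hex digits of the fingerprint (assumption).
    return fingerprint(pubkey)[-16:]

class Peer:
    """B's side: answers A's two plain-text requests (steps 3 and 5)."""
    def __init__(self, pubkey: bytes, advertised_id=None, allow_send=True):
        self.pubkey = pubkey
        self.advertised_id = advertised_id or hex_id(pubkey)
        self.allow_send = allow_send

    def send_hex_id(self) -> str:
        return self.advertised_id

    def send_pubkey(self):
        return self.pubkey if self.allow_send else None

def resolve_recipient_key(keyring: dict, peer: Peer) -> bytes:
    """A's side, steps 2-5: return the key A would encrypt to in step 6."""
    advertised = peer.send_hex_id()
    if advertised in keyring:              # step 4: known from a prior conversation
        return keyring[advertised]
    key = peer.send_pubkey()               # step 5: ask for the key in plain text
    if key is None:
        raise PermissionError("peer's options forbid sending the key")
    if not hmac.compare_digest(hex_id(key), advertised):
        raise ValueError("received key does not match the advertised hex ID")
    keyring[advertised] = key
    return key

def matches_external_fingerprint(key: bytes, trusted_fp: str) -> bool:
    # The check the in-band exchange cannot provide: compare against a
    # fingerprint obtained through external means (email, etc.).
    return hmac.compare_digest(fingerprint(key), trusted_fp)

# Constructed sample keys (placeholder bytes, not real PGP key material).
KEY_B = b"constructed-anonymous-public-key-of-B"
KEY_OTHER = b"constructed-key-substituted-in-transit"
```
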

 

Note that exchanging public keys outside of IRC is infinitely more secure than exchanging Symmetric Blowfish/mircryption channel keys outside of IRC, because just intercepting public keys from your email will do no one any good unless they can ALSO mount a man-in-the-middle attack on the IRC server or your ISP.