[Verifpal] Authenticating keys with a hash sent over a second channel

Alexander Krotov ilabdsf at gmail.com
Sun Jan 5 11:42:25 CET 2020


> It models Alice sending her public key over the network to Bob, while at
> the same time showing a QR code of the key hash to him. Bob then
> computes the same key and verifies that the key is valid.

I am also not sure if there is a better way to model transmission over
the QR code. Guarded values only prevent attacker from modifying the
values, but with QR code an attacker also does not know the value of
"AUTH". A workaround I can think of is to also create a known private
symmetric key and use it only to encrypt the QR code.



More information about the Verifpal mailing list