
At 3:41 PM -0800 1/16/97, Adam Back wrote:
> Bill Frantz <frantz@netcom.com> writes:
> > At 4:39 AM -0800 1/16/97, Adam Back wrote:
> > > - PIN for phone's RSA signature keys
> >
> > It is not clear you need signatures in the secure phone case. Eric Blossom's 3DES uses straight DH for key exchange with verbal verification that both ends are using the same key.
>
> How does Eric's box display the negotiated key to the user? (I don't recall the pair I saw having displays).

I have not seen the production box, I am going from my memory of Eric's preproduction description at a meeting last spring. I hope someone who knows what they are talking about will butt in here if I am wrong.

The box has a 3 or 4 digit display which displays "something" about the 3DES key, where "something" is some of the bits, or a hash, or ... With 3 decimal digits, a MIM attacker has a 999 out of 1000 chance of getting caught.

-------------------------------------------------------------------------
Bill Frantz       | Client in California, POP3 | Periwinkle -- Consulting
(408)356-8506     | in Pittsburgh, Packets in  | 16345 Englewood Ave.
frantz@netcom.com | Pakistan. - me             | Los Gatos, CA 95032, USA
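
An added example, not part of the original message and not the code of Eric Blossom's device: it models the verbal check described above, where each phone shows a few decimal digits derived from the negotiated key and the callers read them to each other. The toy DH group, the use of SHA-256 to derive the digits, and all function names are assumptions; it also assumes an interceptor's two session keys are unrelated, so the digits match only by chance.

```python
import hashlib
import secrets

# Toy group (assumption): 2**127 - 1 is prime but far too small for real use.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent, public value) for the toy DH group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_key(priv, peer_pub):
    """DH shared secret as 16 bytes, standing in for the session key."""
    return pow(peer_pub, priv, P).to_bytes(16, "big")

def check_digits(key, digits=3):
    """Digits shown on the display: a hash of the key reduced to N decimals."""
    h = int.from_bytes(hashlib.sha256(key).digest(), "big")
    return f"{h % 10**digits:0{digits}d}"

def honest_call():
    """Both ends hold the same key, so both displays agree."""
    a, pub_a = keypair()
    b, pub_b = keypair()
    return check_digits(shared_key(a, pub_b)), check_digits(shared_key(b, pub_a))

def intercepted_call():
    """Each end has unknowingly keyed with a middle party instead of its peer."""
    a, _ = keypair()
    b, _ = keypair()
    _, pub_m1 = keypair()  # value presented to the first caller
    _, pub_m2 = keypair()  # value presented to the second caller
    return check_digits(shared_key(a, pub_m1)), check_digits(shared_key(b, pub_m2))

def undetected_rate(trials=5000):
    """Fraction of intercepted calls whose displays still happen to match."""
    misses = 0
    for _ in range(trials):
        left, right = intercepted_call()
        misses += left == right
    return misses / trials

if __name__ == "__main__":
    print("honest call displays:", honest_call())
    print("intercepted calls passing the check:", undetected_rate())
```

With 3 digits the measured rate sits near 1 in 1000, which is the 999 out of 1000 detection figure in the message; a 4 digit display moves it to about 1 in 10000.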