
The MITM attack is thwarted by Lucky's note:

> DH and have the parties each read half of a hash of the public exponentials. No keys to store, no keys to remember, no keys to compromise.
Each party reads off a series of digits displayed on their screen. Out loud. To each other. Over the secure phone.
The MITM attacker can't duplicate the hash on both ends, because the hash of the public keys used to make the connection is different between the MITM's public key and the real public keys.
In addition, to keep life even more interesting, prior to exchanging the public exponentials g^x and g^y, commitments (hashes) to those values are exchanged... If the commitments don't match the final values, the protocol terminates. See http://www.comsec.com/vp1-protocol.ps for all the details.

Eric
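An added illustration of the exchange described in the two paragraphs above (commit to g^x, exchange exponentials, then each side hashes what it saw and reads half of the digits aloud); this is example code written for this page, not the vp1 protocol implementation. The group parameters, hash, and SAS length are constructed for the demonstration and are assumptions, not values from the protocol document.

```python
import hashlib
from typing import Optional, Tuple

# Toy group for illustration only (constructed): 2**127 - 1 is prime, but a
# real implementation would use a standard safe-prime group of proper size.
P = 2**127 - 1
G = 3
SAS_DIGITS = 8  # hex digits of the hash read aloud in total; each side reads half


def h(*vals: int) -> str:
    """Hash one or more public exponentials as fixed-width big-endian bytes."""
    return hashlib.sha256(b"".join(v.to_bytes(16, "big") for v in vals)).hexdigest()


def sas_halves(pub_x: int, pub_y: int) -> Tuple[str, str]:
    """The short string each party reads over the phone: (first half, second half)."""
    digest = h(pub_x, pub_y)[:SAS_DIGITS]
    return digest[: SAS_DIGITS // 2], digest[SAS_DIGITS // 2 :]


def exchange(x: int, y: int, mitm: Optional[Tuple[int, int]] = None,
             late_swap: bool = False) -> dict:
    """Run the commit-then-reveal DH exchange between Alice (x) and Bob (y).

    mitm=(m, n) models an attacker who hands g^m to Bob and g^n to Alice.
    late_swap models an attacker who relays Alice's real commitment and only
    substitutes the exponential at reveal time; Bob's commitment check catches it.
    """
    gx, gy = pow(G, x, P), pow(G, y, P)
    to_bob, to_alice = gx, gy  # values as they arrive on the wire
    if mitm is not None:
        m, n = mitm
        to_bob, to_alice = pow(G, m, P), pow(G, n, P)
    # 1. Alice commits to her exponential before anyone has seen Bob's.
    commitment = h(gx) if late_swap else h(to_bob)
    # 2. Bob sends g^y (swapped toward Alice if an attacker is present).
    # 3. Alice reveals; Bob checks the reveal against the commitment he holds.
    if h(to_bob) != commitment:
        return {"aborted": True}  # commitment mismatch: protocol terminates
    # 4. Each side hashes the pair of exponentials it saw and reads its half.
    alice, bob = sas_halves(gx, to_alice), sas_halves(to_bob, gy)
    return {"aborted": False, "alice": alice, "bob": bob, "match": alice == bob}
```

With an attacker in the middle the two sides hash different pairs of exponentials, so the digits read aloud disagree even though neither side stored any key.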