hi,
If there is no previous shared secret,then ur
communication on an insecure network is susecptable to
the man in the middle attack.
One solution suggested against the man in the middle
attack is using the interlock protocol
InterLock Protocol
Is used to foil a man in the middle attack,
1:>Alice sends Bob her public key
2:>Bob sends Alice his public key
3:>Alice encrypts her message with Bob's public
key.She sends half of the encryped
message to Bob.
4:>Bob encrypts his message using Alice's public
key.He sends half of the encrypted message to
Alice.
5:>Alice sends the other half of encrypted message to
Bob.
6:>Bob puts the 2 halves of Alice's message together &
decrypts it with his private key.Bob sends
the other half of the message to Alice.
7:>Alice puts the 2 halves of Bob's message together &
decrypt it with her private key.
Here Mallory can still substitute his own public key
for Alice & Bob .
Now when he interceprs half of Alice's message,he
cannot decrypt it with his private key &
re-encrypt it with Bob's public key .He must invent a
completely new message & send half of it to
Bob.
When he intercepts half of Bob's message to Alice,he
has the same problem.
He cannot decrypt with his private key & re encrypt
with Alice's public key.
By the time the second half of the message of Alice &
Bob arrive,its already too late to change
the new message he invented.
The conversation between Alice & Bob need to be
completely different.
How ever if Mallory can mimic Alice & Bob,they might
not realise that they are being duped &
may get away with his scheme
here is what i think
It is not compulsary that all the blocks of messages
must be invented by Mallory.
he only need to make the first full message for alice
and send it to bob & vice versa.
ok,eg:
1:>alice send bob part of 1 st block
2:>bob makes the 1 st half on his own and send to bob
& keeps alice's message
3:>now bob sends his first half of message
4:>mallory intercept it and make his own message and
send it to alice
5:>Again bob sends alice the other half of the msg
which mallory intercepts & substitue his own 2nd part
of his block
6:>the same happens when bob sends the second half of
his message to alice,mallory intercepts it and sends
his own 2 nd block to alice.
since he has send one full block to each other & has
the full block of alice's and bob's true
messages,mallory can now split it as half and
complete the protocol
ie,
since the 1 st packet is fake,he has the true packets
of alice & bob & can complete the protocol.
All mallory would have to do is send the half of the
(n th) packet when he receives the half of (n+1)th
packet since the 1 st packet was faked by mallory.
so i dont think the interlock protocol will work in
this case.
thats how i understand it.
am i not rite?
Regards Data.
--- Mike Rosing
On Fri, 28 Jun 2002, Marcel Popescu wrote:
Well... I assume an active MITM (like my ISP). He's able to intercept my public key request and change it. Plus, I now realize I should have put an even harder condition - no previously shared *information*, even if it's public. I need to know if two complete strangers can communicate securely over an insecure network, even if they communicate through an untrusted party. Wasn't there a protocol for two prisoners communicating through an untrusted guard?
Can't be done.
You must have multiple channels, and you need to hope that all of them can't be spoofed. A phone call, a newspaper ad, a bill board, a satallite link, any one of them might be spoofed. But to spoof *all* of them would be very hard.
If you use some kind of "security by obscurity" method, you can do something once. but for general security, it's not possible to just go via the net without an out-of-band check.
A public posting of the key id is a pretty safe way for a large company or organization. A .sig with your key id is another good way, it leaves traces all over the net for a long time. The point is that you have to leave some kind of trace that's checkable via an effective alternate channel. Otherwise, the MITM wins.
Patience, persistence, truth, Dr. mike
__________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com