At 11:49 PM 1/31/95, Thomas Grant Edwards wrote:
On Tue, 31 Jan 1995, Eric Hughes wrote:
Just because plain old Diffie Hellman is subject to active attack doesn't mean it's useless. Some protection is better than no protection at all. It's still worthwhile implementing some security to make an opponent's task harder than to implement no security.
I'm curious though if there is some way to reduce the risk or at least increase the detectability of active DH spoofing. I am thinking of the use of a trusted adjudicator who could receive information from both the original participants and check to see if the two keys matched.
Does anyone see a good solution to this problem? .... I trust that that the attack refered to is the "man-in-the-middle". I find it very curious that there is a simple fix to the attack for the enctrypted voice channel. Each unit displays to its human a few bits of g^(xy). One human quotes them vocally to the other. If there is a man in the middle the bits are unlikely to match. What I find curious is that there seems to be no automated analog to this precaution. It has to do with the difficulty of substituting the vocal signals that code these bits. This is too hard for either computer or man (in the middle). I write to stimulate a solution. I have none.