Re: Secure comm program, Sockets + LINK
> You can't even solve the problem with DH key exchange -- you are subject to "man in the middle" attacks. You must share SOME information via a secure channel in order to have both authentication and privacy on a channel. However, the information exchanged could be small and fairly one-time -- like the public key of a trusted entity that signs other public keys.

How do STU-III phones work then? Do they have some key in rom?

Jim
jim@tadpole.com says:
> > You can't even solve the problem with DH key exchange -- you are subject to "man in the middle" attacks. You must share SOME information via a secure channel in order to have both authentication and privacy on a channel. However, the information exchanged could be small and fairly one-time -- like the public key of a trusted entity that signs other public keys.
>
> How do STU-III phones work then? Do they have some key in rom?
I dunno enough about STU-III phones. Maybe they don't care about man in the middle, or maybe they use fixed conventional of some sort for authentication. I have a vague memory of someone telling me that some of them have code keys.

However, just as an exercise, I suggest people convince themselves of how easy it is to play "man in the middle" on a D-H connection. It's valuable to go through it in your head.

.pm
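The exercise suggested above, worked through as an added example that is not part of the original posts: with bare D-H each endpoint ends up sharing a key with whoever substituted the public values, while authenticating those values with information shared out of band exposes the substitution. The group parameters and all names are constructed for illustration, and an HMAC over a pre-shared secret stands in for the signed public key mentioned in the thread.

```python
import hashlib, hmac, secrets

# Toy group, constructed for illustration: 2**127 - 1 is prime but far too
# small for real use; real systems use standardized groups of 2048+ bits.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def tag(psk, pub):
    # Binds a D-H public value to a secret the endpoints shared out of band.
    return hmac.new(psk, pub.to_bytes(16, "big"), hashlib.sha256).digest()

def exchange(relay=None, psk=None):
    """One exchange; relay(pub) models what the network actually delivers.
    Returns (alice_key, bob_key), or None when an authentication tag fails."""
    relay = relay or (lambda pub: pub)
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    to_bob, to_alice = relay(a_pub), relay(b_pub)
    if psk is not None:
        # Each side checks the sender's tag against the value it received.
        ok = (hmac.compare_digest(tag(psk, a_pub), tag(psk, to_bob))
              and hmac.compare_digest(tag(psk, b_pub), tag(psk, to_alice)))
        if not ok:
            return None
    return session_key(a_priv, to_alice), session_key(b_priv, to_bob)

def make_middle():
    """Relay that swaps in its own public value, plus the keys it derives."""
    m_priv, m_pub = keypair()
    captured = []
    def relay(pub):
        captured.append(pub)
        return m_pub
    def keys():
        return tuple(session_key(m_priv, p) for p in captured)
    return relay, keys
```
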
participants (2)
- jim@tadpole.com
- Perry E. Metzger