Secure comm program, Sockets + LINK
Perry E. Metzger
pmetzger at lehman.com
Wed Jul 14 10:57:08 PDT 1993
jim at tadpole.com says:
>
> > You can't even solve the problem with DH key exchange -- you are
> > subject to "man in the middle" attacks. You must share SOME
> > information via a secure channel in order to have both authentication
> > and privacy on a channel. However, the information exchanged could be
> > small and fairly one-time -- like the public key of a trusted entity
> > that signs other public keys.
>
> How do STU-III phones work then? Do they have some key in rom?
I dunno enough about STU-III phones. Maybe they don't care about man
in the middle, or maybe they use fixed conventional of some sort for
authentication. I have a vague memory of someone telling me that some
of them have code keys.
However, just as an exercise, I suggest people convince themselves of
how easy it is to play "man in the middle" on a D-H connection. Its
valuable to go through it in your head.
.pm
More information about the cypherpunks-legacy
mailing list