stealthy key exchange

Bill Stewart stewarts at ix.netcom.com
Fri Sep 20 02:27:50 PDT 1996


At 11:37 AM 9/19/96 DST, Bodo_Moeller at public.uni-hamburg.de (Bodo Moeller)
wrote:
>If both have public keys, what is the point of using Diffie-Hellman?
>The two channels (Alice -> Bob and Bob -> Alice) are independent, so
>they can use different session keys.  Alice creates a random key K_A
>and sends it to Bob (encrypted with Bob's public key).  Alice uses K_A

Diffie-Hellman gives you forward security - if an eavesdropper copies
your message and later steals your secret keys, he can't decrypt it,
because there's no encrypted session key to recover.  To prevent 
man-in-the-middle attacks, sign your half-keys with your public key.

There are some problems with this method - it requires several 
exchanges, so it's awkward to use for email (though you can do it.)
Also, it does expose the signed keyparts, which reveals the public
key used for signing, though you can play games to prevent this
(e.g. negotiate the key, and send the signed keyparts encrypted
with the public key, though if there _is_ a man-in-the-middle,
the MITM can see this, and your connection will fail.)

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# http://idiom.com/~wcs
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto
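
The signed half-key exchange described in the message above, as an added example that is not part of the original post. It assumes X25519 for the Diffie-Hellman step and Ed25519 for the signatures (modern stand-ins chosen here, not algorithms named in the thread); `HalfKey`, `NewHalfKey` and `Agree` are hypothetical names.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// HalfKey is one side's ephemeral DH public value plus a signature over it.
type HalfKey struct {
	Pub []byte
	Sig []byte
}

// NewHalfKey creates a fresh ephemeral DH key and signs its public half with
// the sender's long-term signing key. The long-term key never encrypts anything.
func NewHalfKey(longTerm ed25519.PrivateKey) (*ecdh.PrivateKey, HalfKey, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, HalfKey{}, err
	}
	pub := eph.PublicKey().Bytes()
	return eph, HalfKey{Pub: pub, Sig: ed25519.Sign(longTerm, pub)}, nil
}

// Agree checks the peer's signature before touching the DH value, then derives
// the shared secret. A substituted half-key fails here and the exchange aborts.
func Agree(eph *ecdh.PrivateKey, peer HalfKey, peerID ed25519.PublicKey) ([]byte, error) {
	if !ed25519.Verify(peerID, peer.Pub, peer.Sig) {
		return nil, errors.New("half-key signature invalid: possible man-in-the-middle")
	}
	pk, err := ecdh.X25519().NewPublicKey(peer.Pub)
	if err != nil {
		return nil, err
	}
	return eph.ECDH(pk)
}

func main() {
	aID, aKey, _ := ed25519.GenerateKey(rand.Reader) // constructed demo identities
	bID, bKey, _ := ed25519.GenerateKey(rand.Reader)
	aEph, aHalf, _ := NewHalfKey(aKey)
	bEph, bHalf, _ := NewHalfKey(bKey)
	ka, _ := Agree(aEph, bHalf, bID)
	kb, _ := Agree(bEph, aHalf, aID)
	fmt.Println("session keys match:", bytes.Equal(ka, kb))
}
```

The transcript holds only public half-keys and signatures, so long-term keys stolen later recover nothing as long as both sides discarded their ephemeral keys. In practice the raw shared secret is passed through a key-derivation function before use.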






