Secure phone

Eric Blossom eb at comsec.com
Fri Oct 3 16:52:34 PDT 1997



>The MITM attack is thwarted by Lucky's note:
>>> DH and have the parties each read half of a hash of the public
>          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>> exponentials. No keys to store, no keys to remember, no keys to compromise.
>   ^^^^^^^^^^^^^
>
>Each party reads off a series of digits displayed on their screen.  Out
>loud.  To each other.  Over the secure phone.
>
>The MITM attacker can't duplicate the hash on both ends, because a hash of
>the public keys used to make the connection is different between the
>MITM's public key and the real public keys.

In addition, to keep life even more interesting, prior to exchanging
the public exponentials g^x and g^y, commitments (hashes) to those
values are exchanged...  If the commitments don't match the final
values, the protocol terminates.  See http://www.comsec.com/vp1-protocol.ps 
for all the details.

Eric
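
The exchange described above, sketched as an added example; it is not part of the original post and is not the protocol specified in vp1-protocol.ps. SHA-256, the toy 127-bit group, the 8-digit display length and all names (`Party`, `handshake`, `call`) are assumptions made for illustration.

```python
import hashlib
import secrets

# Assumed toy parameters (not from the post); far too small for real use.
P, G = 2**127 - 1, 3

def H(*vals):
    return hashlib.sha256(b"".join(v.to_bytes(16, "big") for v in vals)).digest()

class Party:
    def __init__(self):
        self.x = secrets.randbelow(P - 3) + 2   # private exponent
        self.pub = pow(G, self.x, P)            # public exponential g^x
        self.peer_commit = self.peer_pub = None

    def commitment(self):
        return H(self.pub)                      # sent before g^x itself

    def receive_commitment(self, c):
        self.peer_commit = c

    def receive_public(self, pub):
        # Terminate if the revealed value does not match the earlier commitment.
        if not secrets.compare_digest(self.peer_commit, H(pub)):
            raise ValueError("commitment mismatch: terminating")
        self.peer_pub = pub

    def digits(self, initiator, n=8):
        # Hash both public exponentials in a fixed order (initiator's first).
        a, b = (self.pub, self.peer_pub) if initiator else (self.peer_pub, self.pub)
        return f"{int.from_bytes(H(a, b)[:8], 'big') % 10**n:0{n}d}"

def handshake(a, b):
    """Deliver commitments first, then the public values, in both directions."""
    a.receive_commitment(b.commitment())
    b.receive_commitment(a.commitment())
    a.receive_public(b.pub)
    b.receive_public(a.pub)

def call(intercepted=False):
    """Return the digit strings displayed on Alice's and Bob's phones."""
    alice, bob = Party(), Party()
    if intercepted:
        # Constructed scenario: a relay runs a separate exchange with each side.
        handshake(alice, Party())
        handshake(Party(), bob)
    else:
        handshake(alice, bob)
    return alice.digits(True), bob.digits(False)
```

Each party reads half of its displayed string aloud and checks the half it hears against its own display; with substituted exponentials the two displays differ, so the spoken digits do not match.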






