Diffie-Hellman and MITM

gfgs pedo jtrjtrjtr2001 at yahoo.com
Mon Jul 1 05:08:51 PDT 2002


hi,

Thanks Mark, I was also wondering along the lines of hash
functions too, and I too don't see how it works securely.
Nor does the interlock protocol look secure to me.

Regards Data.



--- Marcel Popescu <mdpopescu at subdimension.com> wrote:
> From: "gfgs pedo" <jtrjtrjtr2001 at yahoo.com>
> 
> > One solution suggested against the man in the middle
> > attack is using the interlock protocol
> 
> This is the one I vaguely recalled, thank you.
> 
> > All Mallory would have to do is send the half of the
> > nth packet when he receives the half of the (n+1)th
> > packet, since the 1st packet was faked by Mallory.
> 
> Interesting attack... assuming that a one-block delay doesn't look
> suspicious.
> 
> What if every message except the very first one has a hash of the
> previously received message?
> 
> A -> (M ->) B: half 1 of message A1
> B -> (M ->) A: half 1 of message B1 | hash (half 1 of message A1)
> A -> (M ->) B: half 2 of message A1 | hash (half 1 of message B1)
> B -> (M ->) A: half 2 of message B1 | hash (half 2 of message A1)
> A -> (M ->) B: half 1 of message A2 | hash (half 2 of message B1)
> ... and so on
> 
> Nah... won't work; since M captures A1 and B1, he can compute the
> hashes for both the initial bogus message and the (delayed) genuine
> ones. Same if they try hashing all the previous messages.
> 
> What if they send the hash of the *other* half? (The program
> splitting the messages already has the full ones.)
> 
> A -> (M ->) B: half 1 of message A1 | hash (half 2 of message A1)
> B -> (M ->) A: half 1 of message B1 | hash (half 2 of message B1)
> A -> (M ->) B: half 2 of message A1 | hash (half 1 of message A1)
> B -> (M ->) A: half 2 of message B1 | hash (half 1 of message B1)
> ... and so on
> 
> Nope, no good... M fakes the first message in both directions, and
> then he always has a good one, so he can compute the hashes.
> 
> The only thing that might, as far as I can see, succeed (with a high
> probability) would be for everyone to hash the *next* half - meaning
> that, together with half 2 of message N, there will be the hash of
> half one of message N + 1. However, I don't see how this would be
> possible for an interactive communication...
> 
> Thanks,
> Mark
> 
> 
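
The first hash-chaining variant from the quoted message, modelled in Python as an added example (not code from the thread): each packet carries a half plus an unkeyed hash of the half last received, and a relay M queues one bogus half per direction, forwards the genuine halves one step late and recomputes every hash. Both endpoints' checks pass, which is the point made above: a hash over data M can see authenticates nothing. The class names and sample halves are constructed, and halves are treated as opaque byte strings.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class Endpoint:
    """Honest party: tags each half with hash(last half received) and
    checks that the peer's tag matches the last half it sent itself."""
    def __init__(self, halves):
        self.queue, self.accepted = list(halves), []
        self.last_sent = self.last_rcvd = None

    def send(self):
        half = self.queue.pop(0)
        tag = h(self.last_rcvd) if self.last_rcvd is not None else b""
        self.last_sent = half
        return half, tag

    def receive(self, packet):
        half, tag = packet
        if self.last_sent is not None and tag != h(self.last_sent):
            raise ValueError("hash does not match the half I last sent")
        self.last_rcvd = half
        self.accepted.append(half)

class DelayingRelay:
    """Model of M: one bogus half queued per direction, genuine halves
    forwarded one step late, tags recomputed from what M has seen."""
    def __init__(self, bogus_to_a, bogus_to_b):
        self.pending = {"A": [bogus_to_a], "B": [bogus_to_b]}
        self.seen_from = {"A": None, "B": None}

    def forward(self, src, dst, packet):
        half, _tag = packet                 # original tag is dropped
        self.seen_from[src] = half
        self.pending[dst].append(half)
        out = self.pending[dst].pop(0)      # oldest half: one-block delay
        seen = self.seen_from[dst]          # the half dst expects a hash of
        return out, (h(seen) if seen is not None else b"")

def run(rounds=3):
    a = Endpoint([b"A1-half1", b"A1-half2", b"A2-half1"])   # constructed
    b = Endpoint([b"B1-half1", b"B1-half2", b"B2-half1"])   # constructed
    m = DelayingRelay(b"bogus-to-A", b"bogus-to-B")
    for _ in range(rounds):
        b.receive(m.forward("A", "B", a.send()))
        a.receive(m.forward("B", "A", b.send()))
    return a.accepted, b.accepted           # no ValueError was raised

if __name__ == "__main__":
    print(run())
```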

