Diffie-Hellman and MITM

Morlock Elloi morlockelloi at yahoo.com
Fri Jul 5 08:59:53 PDT 2002


> Consider setting up a secure video call with somebody,
> and each of you reading the hash of your DH parameter to the other.
> It's really hard for a MITM to fake that - but if you don't know
> what the other person looks or sounds like, do you know it's really them,
> or did you just have an unbreakably secure call with the wrong person?

Whatever you deploy to define "somebody" should be used as authentication
channel. You are exactly as secure as as you can define "somebody". Your al
quaeda coworker probably has your never published public key. Your online-found
busty and wet blonde is probably named Gordon.


=====
end
(of original message)

Y-a*h*o-o (yes, they scan for this) spam follows:
Sign up for SBC Yahoo! Dial - First Month Free
http://sbc.yahoo.com





More information about the cypherpunks-legacy mailing list