Diffie-Hellman and MITM

Mike Rosing eresrch at eskimo.com
Fri Jun 28 06:04:45 PDT 2002


On Fri, 28 Jun 2002, Marcel Popescu wrote:

> Well... I assume an active MITM (like my ISP). He's able to intercept my
> public key request and change it. Plus, I now realize I should have put an
> even harder condition - no previously shared *information*, even if it's
> public. I need to know if two complete strangers can communicate securely
> over an insecure network, even if they communicate through an untrusted
> party. Wasn't there a protocol for two prisoners communicating through an
> untrusted guard?

Can't be done.

You must have multiple channels, and you need to hope that all
of them can't be spoofed.  A phone call, a newspaper ad, a bill board,
a satellite link, any one of them might be spoofed.  But to spoof *all*
of them would be very hard.

If you use some kind of "security by obscurity" method, you can do
something once.  But for general security, it's not possible to just
go via the net without an out-of-band check.

A public posting of the key id is a pretty safe way for a large
company or organization.  A .sig with your key id is another good
way, it leaves traces all over the net for a long time.  The point
is that you have to leave some kind of trace that's checkable via
an effective alternate channel.  Otherwise, the MITM wins.

Patience, persistence, truth,
Dr. mike
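
The point made above, as an added example that is not part of the original thread: a toy Diffie-Hellman exchange run once without and once with an active man-in-the-middle. With the MITM present, Alice and Bob end up with different session keys that Mallory holds both of, and the only thing that exposes this is comparing a fingerprint of the received public value against one published through an alternate channel Mallory does not control. The prime, generator and fingerprint function are illustrative assumptions, far too small for real use.

```python
import hashlib
import secrets

# Toy group parameters (assumed for this demo, NOT for real use):
# 2^31-1 is prime and 7 is a primitive root mod it.
P = 2**31 - 1
G = 7


def dh_keypair():
    """Return (private exponent, public value g^x mod p)."""
    x = secrets.randbelow(P - 2) + 1          # 1 <= x <= P-2
    return x, pow(G, x, P)


def dh_shared(their_pub, my_priv):
    return pow(their_pub, my_priv, P)


def fingerprint(pub):
    """Short key id a party could post in a .sig or an ad (assumed format)."""
    return hashlib.sha256(str(pub).encode()).hexdigest()[:16]


def run_exchange(active_mitm):
    """Simulate Alice <-> Bob over a network; returns what each party ends up with."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    if active_mitm:
        # Mallory replaces each public value in transit with one of her own.
        m_priv_a, m_pub_a = dh_keypair()      # key Mallory shows to Alice
        m_priv_b, m_pub_b = dh_keypair()      # key Mallory shows to Bob
        alice_sees, bob_sees = m_pub_a, m_pub_b
        mallory_with_alice = dh_shared(a_pub, m_priv_a)
        mallory_with_bob = dh_shared(b_pub, m_priv_b)
    else:
        alice_sees, bob_sees = b_pub, a_pub
        mallory_with_alice = mallory_with_bob = None
    alice_key = dh_shared(alice_sees, a_priv)
    bob_key = dh_shared(bob_sees, b_priv)
    # Out-of-band check: Bob's real fingerprint arrives via a channel Mallory
    # cannot alter; Alice compares it to the fingerprint of what she received.
    oob_check_passes = fingerprint(alice_sees) == fingerprint(b_pub)
    return {
        "keys_agree": alice_key == bob_key,
        "mallory_reads_alice": mallory_with_alice == alice_key,
        "mallory_reads_bob": mallory_with_bob == bob_key,
        "oob_check_passes": oob_check_passes,
    }
```

Without the out-of-band comparison both runs look identical from inside the network: each side simply gets a key and starts encrypting.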
