Diffie-Hellman and MITM
Marcel Popescu
mdpopescu at subdimension.com
Fri Jun 28 02:26:29 PDT 2002
From: "Mike Rosing" <eresrch at eskimo.com>
> > Is there a defense against MITM for Diffie-Hellman? Is there another
> > protocol with equivalent properties, with such a defense? (Secure
> > communications between two parties, with no shared secret and no
> > out-of-band abilities, on an insecure network.)
>
> What do you mean by no shared secret? The point of DH is that you
> get a shared secret.
I guess I should have said "no *previously* shared secret".
> Check out MQV protocol for MITM defense and forward secrecy. It
> uses permanent public keys and ephemeral public keys for each
> session. In any protocol, the out-of-band check of the public
> keys is still a "good thing".
Well... I assume an active MITM (like my ISP). He's able to intercept my
public key request and change it. Plus, I now realize I should have put an
even harder condition - no previously shared *information*, even if it's
public. I need to know if two complete strangers can communicate securely
over an insecure network, even if they communicate through an untrusted
party. Wasn't there a protocol for two prisoners communicating through an
untrusted guard?
Thanks,
Mark
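
The situation discussed in this message, as an added example that is not part of the original post: an unauthenticated Diffie-Hellman exchange run once through an honest relay and once through a relay that substitutes its own public value, with a fingerprint of the public values each endpoint saw as the check that exposes the substitution. The group parameters are toy values chosen for brevity, and all function names are hypothetical.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption): far too small for real use.
P = 2**127 - 1   # a Mersenne prime
G = 3

def keypair():
    """Return (private exponent, public value G^x mod P)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def shared(priv, peer_pub):
    """Session key derived from the DH result."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def fingerprint(own_pub, peer_pub):
    """Order-independent digest of the two public values one endpoint saw."""
    lo, hi = sorted((own_pub, peer_pub))
    return hashlib.sha256(f"{lo}:{hi}".encode()).hexdigest()[:16]

def honest_relay(pub):
    return pub

def make_substituting_relay():
    """Relay that replaces every public value in transit with its own."""
    _, relay_pub = keypair()
    return lambda pub: relay_pub

def run_exchange(relay):
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    seen_by_b = relay(a_pub)   # what B receives as A's public value
    seen_by_a = relay(b_pub)   # what A receives as B's public value
    return {
        # The endpoints cannot observe this directly: a relay holding both
        # keys can decrypt and re-encrypt, so traffic still flows normally.
        "keys_match": shared(a_priv, seen_by_a) == shared(b_priv, seen_by_b),
        # This comparison only helps if it travels over a channel the relay
        # cannot alter, which is the out-of-band check mentioned above.
        "fingerprints_match":
            fingerprint(a_pub, seen_by_a) == fingerprint(b_pub, seen_by_b),
    }

if __name__ == "__main__":
    print("honest relay:      ", run_exchange(honest_relay))
    print("substituting relay:", run_exchange(make_substituting_relay()))
```
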