I'll show you mine if you show me, er, mine

James A. Donald jamesd at echeque.com
Wed Feb 23 10:15:31 PST 2005

On 24 Feb 2005 at 2:29, Peter Gutmann wrote:
> Isn't this a Crypto 101 mutual authentication mechanism (or
> at least a somewhat broken reinvention of such)?  If the
> exchange to prove knowledge of the PW has already been
> performed, why does A need to send the PW to B in the last
> step?  You either use timestamps to prove freshness or add an
> extra message to exchange a nonce and then there's no need to
> send the PW.  Also in the above B is acting as an oracle for
> password-guessing attacks, so you don't send back the
> decrypted text but a recognisable-by-A encrypted response, or
> garbage if you can't decrypt it, taking care to take the same
> time whether you get a valid or invalid message to avoid
> timing attacks.  Blah blah Kerberos blah blah done twenty
> years ago blah blah a'om bomb blah blah.
> (Either this is a really bad idea or the details have been
> mangled by the Register).

It is a badly bungled implementation of a really old idea.

An idea, which however, was never implemented on a large scale,
resulting in the mass use of phishing attacks.

Mutual authentication and password management should have been
designed into SSH/PKI from the beginning, but instead they
designed it to rely wholly on everyone registering themselves
with a centralized authority, which of course failed.

SSH/PKI is dead in the water, and causing a major crisis on
internet transactions.  Needs fixing - needs to be fixed by
implementing cryptographic procedures that are so old that they
are in danger of being forgotten.


         James A. Donald
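The shape Gutmann sketches above (exchange nonces so the password never travels, answer with a value only a key holder can recognise, compare in constant time) as an added Python example, not code from the thread or from any product it discusses; the password-derived key, the PBKDF2 salt and iteration count, the role labels and the message layout are my assumptions.

```python
import hmac
import hashlib
import secrets

# Constructed demo: both parties derive the same key from the shared password.
# Salt and iteration count are assumptions for this example, not from the thread.
def derive_key(password: str, salt: bytes = b"demo-salt", iterations: int = 100_000) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def tag(key: bytes, role: bytes, n1: bytes, n2: bytes) -> bytes:
    # The role label stops B's answer being reflected back to B as A's answer.
    return hmac.new(key, role + n1 + n2, hashlib.sha256).digest()

def server_respond(key: bytes, nonce_a: bytes):
    # B proves knowledge of the password over A's fresh nonce; nothing decryptable
    # is returned, so B is not a password-guessing oracle for the caller.
    nonce_b = secrets.token_bytes(16)
    return nonce_b, tag(key, b"B", nonce_a, nonce_b)

def client_verify_and_answer(key: bytes, nonce_a: bytes, nonce_b: bytes, resp_b: bytes):
    expected = tag(key, b"B", nonce_a, nonce_b)
    if not hmac.compare_digest(expected, resp_b):   # constant-time comparison
        return None                                  # server failed to authenticate
    # A answers over B's nonce; the password itself is never sent in either direction.
    return tag(key, b"A", nonce_b, nonce_a)

def server_verify(key: bytes, nonce_a: bytes, nonce_b: bytes, resp_a: bytes) -> bool:
    return hmac.compare_digest(tag(key, b"A", nonce_b, nonce_a), resp_a)

def run_exchange(client_pw: str, server_pw: str):
    """Drive one mutual-authentication round; returns (status, server_accepted)."""
    ka, kb = derive_key(client_pw), derive_key(server_pw)
    nonce_a = secrets.token_bytes(16)
    nonce_b, resp_b = server_respond(kb, nonce_a)
    resp_a = client_verify_and_answer(ka, nonce_a, nonce_b, resp_b)
    if resp_a is None:
        return ("client_rejected_server", False)
    return ("ok", server_verify(kb, nonce_a, nonce_b, resp_a))

if __name__ == "__main__":
    print(run_exchange("correct horse", "correct horse"))
    print(run_exchange("correct horse", "wrong guess"))
```

Someone who records the transcript can still test password guesses offline against the tags, which is the gap password-authenticated key exchange protocols close; this example only shows the nonce and oracle points raised in the thread.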

