Diffie-Hellman and MITM

gfgs pedo jtrjtrjtr2001 at yahoo.com
Sat Jun 29 06:42:11 PDT 2002


hi,

If there is no previous shared secret, then your
communication on an insecure network is susceptible to
the man in the middle attack.

One solution suggested against the man in the middle
attack is using the interlock protocol.

InterLock Protocol 

Is used to foil a man in the middle attack.

1:>Alice sends Bob her public key.
2:>Bob sends Alice his public key.
3:>Alice encrypts her message with Bob's public key. She sends half of the
   encrypted message to Bob.
4:>Bob encrypts his message using Alice's public key. He sends half of the
   encrypted message to Alice.
5:>Alice sends the other half of the encrypted message to Bob.
6:>Bob puts the 2 halves of Alice's message together & decrypts it with his
   private key. Bob sends the other half of the message to Alice.
7:>Alice puts the 2 halves of Bob's message together & decrypts it with her
   private key.

Here Mallory can still substitute his own public key
for Alice & Bob.
Now when he intercepts half of Alice's message, he
cannot decrypt it with his private key &
re-encrypt it with Bob's public key. He must invent a
completely new message & send half of it to
Bob.
When he intercepts half of Bob's message to Alice, he
has the same problem.
He cannot decrypt with his private key & re-encrypt
with Alice's public key.
By the time the second half of the message of Alice &
Bob arrive, it's already too late to change
the new message he invented.
The conversation between Alice & Bob needs to be
completely different.

However, if Mallory can mimic Alice & Bob, they might
not realise that they are being duped &
may get away with his scheme.

Here is what I think.
It is not compulsory that all the blocks of messages
must be invented by Mallory.

He only needs to make the first full message for Alice
and send it to Bob & vice versa.

OK, e.g.:

1:>Alice sends Bob part of the 1st block
2:>Bob makes the 1st half on his own and sends to Bob
   & keeps Alice's message
3:>Now Bob sends his first half of message
4:>Mallory intercepts it and makes his own message and
   sends it to Alice
5:>Again Bob sends Alice the other half of the msg
   which Mallory intercepts & substitutes his own 2nd part
   of his block
6:>The same happens when Bob sends the second half of
   his message to Alice, Mallory intercepts it and sends
   his own 2nd block to Alice.

Since he has sent one full block to each other & has
the full block of Alice's and Bob's true
messages, Mallory can now split it as half and
complete the protocol.

i.e.,
since the 1st packet is fake, he has the true packets
of Alice & Bob & can complete the protocol.

All Mallory would have to do is send the half of the
(n th) packet when he receives the half of (n+1)th
packet since the 1st packet was faked by Mallory.

So I don't think the interlock protocol will work in
this case.

That's how I understand it.
Am I not right?

Regards Data.





--- Mike Rosing <eresrch at eskimo.com> wrote:
> On Fri, 28 Jun 2002, Marcel Popescu wrote:
>
> > Well... I assume an active MITM (like my ISP). He's able to intercept my
> > public key request and change it. Plus, I now realize I should have put an
> > even harder condition - no previously shared *information*, even if it's
> > public. I need to know if two complete strangers can communicate securely
> > over an insecure network, even if they communicate through an untrusted
> > party. Wasn't there a protocol for two prisoners communicating through an
> > untrusted guard?
>
> Can't be done.
>
> You must have multiple channels, and you need to hope that all
> of them can't be spoofed.  A phone call, a newspaper ad, a billboard,
> a satellite link, any one of them might be spoofed.  But to spoof *all*
> of them would be very hard.
>
> If you use some kind of "security by obscurity" method, you can do
> something once.  But for general security, it's not possible to just
> go via the net without an out-of-band check.
>
> A public posting of the key id is a pretty safe way for a large
> company or organization.  A .sig with your key id is another good
> way, it leaves traces all over the net for a long time.  The point
> is that you have to leave some kind of trace that's checkable via
> an effective alternate channel.  Otherwise, the MITM wins.
>
> Patience, persistence, truth,
> Dr. mike
> 
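
An added simulation of interlock steps 3 to 7 as listed in the message above (example code, not from the thread): it shows that a first half alone does not decrypt, so an interceptor who swapped the keys has to commit to invented text before reading the real messages. The toy RSA, the keys, the messages and all function names are assumptions made for this example.

```python
# Added illustration, not from the thread. Toy textbook RSA over constructed
# Mersenne-prime moduli so it runs on the standard library alone: NOT secure.
def keypair(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def encrypt(pub, msg):
    n, e = pub
    c = pow(int.from_bytes(msg, "big"), e, n)
    return c.to_bytes((n.bit_length() + 7) // 8, "big")

def decrypt(priv, ct):
    n, d = priv
    m = pow(int.from_bytes(ct, "big"), d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def split(ct):
    return ct[: len(ct) // 2], ct[len(ct) // 2:]

A_PUB, A_PRIV = keypair(2**61 - 1, 2**127 - 1)    # Alice (constructed key)
B_PUB, B_PRIV = keypair(2**89 - 1, 2**107 - 1)    # Bob (constructed key)
M_PUB, M_PRIV = keypair(2**521 - 1, 2**607 - 1)   # Mallory (constructed key)

def honest_run(msg_a, msg_b):
    """Steps 3-7 with no interception: each side reassembles and decrypts."""
    a1, a2 = split(encrypt(B_PUB, msg_a))
    b1, b2 = split(encrypt(A_PUB, msg_b))
    return decrypt(B_PRIV, a1 + a2), decrypt(A_PRIV, b1 + b2)

def intercepted_run(msg_a, msg_b, invented_for_bob, invented_for_alice):
    """Same steps after Mallory has substituted his key in steps 1-2."""
    a1, a2 = split(encrypt(M_PUB, msg_a))          # step 3: only a1 leaves Alice
    # Holding a1 alone, Mallory's private key does not recover msg_a.
    guess = decrypt(M_PRIV, a1 + bytes(len(a2)))
    # Bob releases nothing until a first half arrives, so Mallory has to
    # commit to text of his own (f1) before he can read Alice's.
    f1, f2 = split(encrypt(B_PUB, invented_for_bob))
    b1, b2 = split(encrypt(M_PUB, msg_b))          # step 4: Bob answers f1 with b1
    g1, g2 = split(encrypt(A_PUB, invented_for_alice))
    # Steps 5-7: the second halves are released only now. Mallory can read the
    # real messages, but f1 and g1 are already delivered and cannot be changed.
    return {
        "half_decrypts_to_plaintext": guess == msg_a,
        "bob_reads": decrypt(B_PRIV, f1 + f2),
        "alice_reads": decrypt(A_PRIV, g1 + g2),
        "mallory_reads_late": (decrypt(M_PRIV, a1 + a2), decrypt(M_PRIV, b1 + b2)),
    }
```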

