[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Secure comm program, Sockets + LINK

To: [email protected]
Subject: Re: Secure comm program, Sockets + LINK
From: "Perry E. Metzger" <[email protected]>
Date: Wed, 14 Jul 1993 13:56:17 -0400
Cc: [email protected]
In-Reply-To: Your message of "Wed, 14 Jul 1993 17:52:15 GMT." <9307141752.AA00397@ono-sendai>
Reply-To: [email protected]


[email protected] says:
> 
> > You can't even solve the problem with DH key exchange -- you are
> > subject to "man in the middle" attacks. You must share SOME
> > information via a secure channel in order to have both authentication
> > and privacy on a channel. However, the information exchanged could be
> > small and fairly one-time -- like the public key of a trusted entity
> > that signs other public keys.
> 
> How do STU-III phones work then?  Do they have some key in rom?

I dunno enough about STU-III phones. Maybe they don't care about man
in the middle, or maybe they use fixed conventional of some sort for
authentication. I have a vague memory of someone telling me that some
of them have code keys.

However, just as an exercise, I suggest people convince themselves of
how easy it is to play "man in the middle" on a D-H connection. Its
valuable to go through it in your head.

.pm

References:
- Re: Secure comm program, Sockets + LINK
  - From: [email protected]

Prev by Date: Re: Secure comm program, Sockets + LINK
Next by Date: Re: Secure comm program, Sockets + LINK
Prev by thread: Re: Secure comm program, Sockets + LINK
Next by thread: Re: Secure comm program, Sockets + LINK
Index(es):
- Date
- Thread