[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: a protocol (that doesn't work)
Did you ever wish there was an "unmail" command?
I realized about halfway home that the protocol I described not only
didn't work, but demonstrated to the world my lack of understanding
of the man-in-the-middle attack against Diffie-Hellman. Oh well, I
guess I'll keep my day job a little longer...
At least I now have a better understanding of just how hard it is to
foil man-in-the-middle attacks.
>From reading the description of the Interlock Protocol, I saw that it
is possible to arrange things so the man in the middle has to do a
lot more work. It may be that Robert Cain has come up with a
protocol that increases the work necessary to maintain a
man-in-the-middle attack to the point where the attack becomes
impractical, although not impossible, in theory. However, I think
that is this becomes the case, an attacker would simple cut Bob
completely out of the picture and change the man-in-the-middle attack
to a %100 spoof of Bob. Since Alice and Bob have never met and don't
share any secrets, how would Alice be able to tell the difference
between the real Bob, and Mallet completely spoofing Bob? In the
abstract, I don't see any way.
There may be some real-world situations where Alice can tell the
difference between Bob and pseudo-Bob. It depends on the situation
and what assumptions Alice makes about a properly behaved Bob. If
pseudo-Bob doesn't behave the way Alice expects real-Bob to behave,
then Alice could get suspicious. But now we've existed the realm of
cryptography and enter the realm of human relations. Of course,
there's still a lot of money to be made offering imperfect solutions
that are good enough for some people.
Jim_"still learning"[email protected]