[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Secure comm program, Sockets + LINK




[email protected] says:
> 
> > You can't even solve the problem with DH key exchange -- you are
> > subject to "man in the middle" attacks. You must share SOME
> > information via a secure channel in order to have both authentication
> > and privacy on a channel. However, the information exchanged could be
> > small and fairly one-time -- like the public key of a trusted entity
> > that signs other public keys.
> 
> How do STU-III phones work then?  Do they have some key in rom?

I dunno enough about STU-III phones. Maybe they don't care about man
in the middle, or maybe they use fixed conventional of some sort for
authentication. I have a vague memory of someone telling me that some
of them have code keys.

However, just as an exercise, I suggest people convince themselves of
how easy it is to play "man in the middle" on a D-H connection. Its
valuable to go through it in your head.

.pm