[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ESP Unix encrypted session protocol software
At 11:49 PM 1/31/95, Thomas Grant Edwards wrote:
>On Tue, 31 Jan 1995, Eric Hughes wrote:
>> Just because plain old Diffie Hellman is subject to active attack
>> doesn't mean it's useless. Some protection is better than no
>> protection at all. It's still worthwhile implementing some security
>> to make an opponent's task harder than to implement no security.
>I'm curious though if there is some way to reduce the risk or at least
>increase the detectability of active DH spoofing. I am thinking of the
>use of a trusted adjudicator who could receive information from both the
>original participants and check to see if the two keys matched.
>Does anyone see a good solution to this problem?
I trust that that the attack refered to is the "man-in-the-middle". I find
it very curious that there is a simple fix to the attack for the enctrypted
voice channel. Each unit displays to its human a few bits of g^(xy). One
human quotes them vocally to the other. If there is a man in the middle the
bits are unlikely to match. What I find curious is that there seems to be
no automated analog to this precaution. It has to do with the difficulty of
substituting the vocal signals that code these bits. This is too hard for
either computer or man (in the middle). I write to stimulate a solution. I