[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Secure phone
> Bill Frantz <[email protected]> writes:
> > At 6:25 PM -0700 10/5/97, Adam Back wrote:
> > >On the other hand, using persistent key public key crypto, Tim has
> > >been signing his posts recently, and I have an ancient public key of
> > >his stashed away which his new key is signed with. If we were able to
> > >construct a protocol to bolt on top of the reading of hashes, we could
> > >have much greater protection against MITM.
> >
> > Of course if you can use PGP as well as the secure phone, you can use PGP
> > to exchange a pad of one-time passwords.
>
> The passwords alone don't do you any good: if you read them out over
> the phone, Eve can just repeat them.
There's no reason you couldn't use the passwords in a bidirectional
challenge/response scenario. The units can pass (optionally
encrypted) control messages back and forth while in secure voice mode.
Eric