[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Secure phone




> Bill Frantz <[email protected]> writes:
> > At 6:25 PM -0700 10/5/97, Adam Back wrote:
> > >On the other hand, using persistent key public key crypto, Tim has
> > >been signing his posts recently, and I have an ancient public key of
> > >his stashed away which his new key is signed with.  If we were able to
> > >construct a protocol to bolt on top of the reading of hashes, we could
> > >have much greater protection against MITM.
> > 
> > Of course if you can use PGP as well as the secure phone, you can use PGP
> > to exchange a pad of one-time passwords.
> 
> The passwords alone don't do you any good: if you read them out over
> the phone, Eve can just repeat them.

There's no reason you couldn't use the passwords in a bidirectional
challenge/response scenario.  The units can pass (optionally
encrypted) control messages back and forth while in secure voice mode.

Eric