
Re: authentication suggestion for secure phone (Re: computationally infeasible jobs for MITMs)




John Deters wrote:
> 
> At 01:15 PM 10/10/97 +0100, Adam Back you wrote:
> >Persistence authentication suggestion:
> >A way to use the fact that you have had one or more non-MITM'd calls
> >is for the unit to remember the number and exchange a secret with the
> >called unit inside the encryption envelope.

> I agree with you that external authentication is the only way to fly.  And
> if it is simply accepted, let's let Eric's unit survive unmolested and use
> PGP out-of-band (as per Monty's suggestion) or use PGP to exchange session
> keys (like in Speak Freely.)
> 
> I also think the most likely avenue of attack will be a black bag job on
> the individual user's phone.  MITM attacks seem too risky and expensive to
> pay off.

I'm not a subscriber to the CypherPunks list, but I have been monitoring
the emissions from John's computer screen, and I would just like to say 
that I agree with him, wholeheartedly. I often tell my superiors that 
there are much better ways to be spending taxpayer money.

I am not alone in my agreement with most of what is being said in this thread.
The spook supplying heroin to Adam Back's lover agrees with most of this
thread, as does the spook peeking through Eric's window (although she
disagrees with the suggestion to "let Eric's unit survive unmolested").
The one exception is the grandson of Patton who is doing surveillance
on Monty. His method is quite simply to beat Monty to the phone.

Spooky 
(isn't it?)