Re: authentication suggestion for secure phone (Re: computationally infeasible jobs for MITMs)

[John Deters <jad@dsddhc.com>]

At 01:15 PM 10/10/97 +0100, Adam Back you wrote:
>Persistence authentication suggestion:
>A way to use the fact that you have had one or more non-MITM'd calls
>is for the unit to remember the number and exchange a secret with the
>called unit inside the encryption envelope.

The problems with this solution are twofold:

1.  Eric may have to redesign the unit to have persistent read-write
storage.  And maybe a *lot* of storage, if you use it a lot.  Maybe a lot
of expen$ive $torage at that.  His phone is already priced way out of the
consumer market, let's not add to that.

2.  I had problems with UUCP when my machines got out of sync (way back
when.)  Just think how bad they'll look if they refuse to light up "secure"
because one guy had to change batteries.

I agree with you that external authentication is the only way to fly.  And
if it is simply accepted, lets let Eric's unit survive unmolested and use
PGP out-of-band (as per Monty's suggestion) or use PGP to exchange session
keys (like in Speak Freely.)

I also think the most likely avenue of attack will be a black bag job on
the individual user's phone.  MITM attacks seem too risky and expensive to
pay off.

John
--
J. Deters "Don't think of Windows programs as spaghetti code.  Think
          of them as 'Long sticky pasta objects in OLE sauce'."
+--------------------------------------------------------------------+
| NET:   mailto:jad@dsddhc.com (work)   mailto:jad@pclink.com (home) |
| PSTN:  1 612 375 3116 (work)          1 612 894 8507 (home)        |
| ICBM:  44^58'36"N by 93^16'27"W Elev. ~=290m (work)                |
| For my public key, send mail with the exact subject line of:       |
| Subject: get pgp key                                               |
+--------------------------------------------------------------------+