[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Defeating MITM with Eric's Secure Phone

To: [email protected]
Subject: Re: Defeating MITM with Eric's Secure Phone
From: Adam Back <[email protected]>
Date: Fri, 10 Oct 1997 11:45:19 +0100
CC: [email protected]
In-reply-to: <[email protected]> (message fromAnonymous on Thu, 9 Oct 1997 23:31:36 -0400)
Sender: [email protected]

Monty Cantsin writes:
> My apologies if this has already been discussed, but wouldn't this be
> a straightforward solution?

John Kelsey described the same system.

[adding hex passphrase digits exchanged via PGP to display digits]

> Any flaws?

See my other recent post in this thread... I think it doesn't work
because Mallet can recover the passphrase.  You must remember that
when Mallet is actively doing a MITM attack he knows the digits on the
display of each party.  With that info he can recover the passphrase
by subtracting.  Then he can give Alice the correct checksum for the
link A<->M and Bob the correct checksum for the link M<->B.

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`

References:
- Re: Defeating MITM with Eric's Secure Phone
  - From: Anonymous <[email protected]>

Prev by Date: Re: What's really in PGP 5.5?
Next by Date: Re: What's really in PGP 5.5?
Prev by thread: Re: Defeating MITM with Eric's Secure Phone
Next by thread: Re: Defeating MITM with Eric's Secure Phone
Index(es):
- Date
- Thread