Re: Defeating MITM with Eric's Secure Phone

[Bill Frantz <frantz@netcom.com>]

At 11:53 PM -0700 10/10/97, John Kelsey wrote:
>This is *almost* right.  We need to add one more thing,
>though:
>
>1.      Alice calls Mallory, thinking she's calling Bob.
>She reads the first three digits to him.  He makes the
>connection fall apart.  At the same time, Mallory calls Bob,
>pretending to be Alice, and causes the connection to fall
>apart at the same time.

John - You're absolutely right.  I haven't had a phone connection fail
after connect for a coon's age, but I remember the bad old days of living
in GTE-land.  (For example, the time I called my wife from work and she
asked me to call Kristine and have her call because no one in Los Gatos
could call out.)

A comm failure during authentication should be enough reason to go to the
next set of 16 words.

N.B. I was assuming that Alice would only commit one digit to Bob before
having Bob commit one digit to her.  It seems from our analysis that doing
it one digit at a time greatly improves the chances of catching Mallory
early.


-------------------------------------------------------------------------
Bill Frantz       | Internal surveillance      | Periwinkle -- Consulting
(408)356-8506     | helped make the USSR the   | 16345 Englewood Ave.
frantz@netcom.com | nation it is today.        | Los Gatos, CA 95032, USA