From: gtoal@an-teallach.com (Graham Toal)
Date: Fri, 8 Jul 94 10:54:43 PDT
To: cypherpunks@toad.com
Subject: Re: Question: Key Distr. in realtimeo applications?
Message-ID: <199407081753.SAA16383@an-teallach.com>
MIME-Version: 1.0
Content-Type: text/plain


: Ideally, you want to pick up your crypto-phone, initiate a call to
: another crypto-phone which you've never called before, and which was
: possibly manufactured yesterday, and be able to exchange keys with it
: in a secure fashion.  But I can't think of any way to do this, without
: opening yourself up to a man in the middle attack.

The physical key exchange can be done by Diffie-Helman, but as you note it
can be man-in-the-middled.  I think what the STU sets do is to print the 
other guy's keyprint that was actually used on an LCD on the phone, and you
read it back out to each other in voice mode.  Of course, that can be
m-i-t-m'd too but it's a damn sight harder...

G