1997-10-10 - Re: authentication suggestion for secure phone (Re: computationally infeasible jobs for MITMs)

Header Data

From: The Spook <ts@dev.null>
To: John Deters <jad@dsddhc.com>
Message Hash: a840e0b7a36bcae6ee844c7d449b55f840f72bfb98bc8417f4630ea06095f3ed
Message ID: <343E4EFC.1783@dev.null>
Reply To: <3.0.3.32.19971009111805.006aedf0@popd.ix.netcom.com>
UTC Datetime: 1997-10-10 16:02:15 UTC
Raw Date: Sat, 11 Oct 1997 00:02:15 +0800

Raw message

From: The Spook <ts@dev.null>
Date: Sat, 11 Oct 1997 00:02:15 +0800
To: John Deters <jad@dsddhc.com>
Subject: Re: authentication suggestion for secure phone (Re: computationally infeasible jobs for MITMs)
In-Reply-To: <3.0.3.32.19971009111805.006aedf0@popd.ix.netcom.com>
Message-ID: <343E4EFC.1783@dev.null>
MIME-Version: 1.0
Content-Type: text/plain



John Deters wrote:
> 
> At 01:15 PM 10/10/97 +0100, Adam Back you wrote:
> >Persistence authentication suggestion:
> >A way to use the fact that you have had one or more non-MITM'd calls
> >is for the unit to remember the number and exchange a secret with the
> >called unit inside the encryption envelope.

> I agree with you that external authentication is the only way to fly.  And
> if it is simply accepted, let's let Eric's unit survive unmolested and use
> PGP out-of-band (as per Monty's suggestion) or use PGP to exchange session
> keys (like in Speak Freely.)
> 
> I also think the most likely avenue of attack will be a black bag job on
> the individual user's phone.  MITM attacks seem too risky and expensive to
> pay off.

I'm not a subscriber to the CypherPunks list, but I have been monitoring
the emissions from John's computer screen, and I would just like to say 
that I agree with him, wholeheartedly. I often tell my superiors that 
there are much better ways to be spending taxpayer money.

I am not alone in my agreement with most of what is being said in this
thread.
The spook supplying heroin to Adam Back's lover agrees with most of this
thread, as does the spook peeking through Eric's window (although she
disagrees with the suggestion to "let Eric's unit survive unmolested").
The one exception is the grandson of Patton who is doing surveillance
on Monty. His method is quite simply to beat Monty to the phone.

Spooky 
(isn't it?)
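
The persistence authentication idea quoted from Adam Back at the top of this message, sketched as an added example that is not part of the original post or of any phone's actual code. The `Unit` class, the use of HMAC-SHA256, the way the remembered secret is bound to the session key on later calls, and the phone numbers are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class Unit:
    """Hypothetical phone unit that remembers one secret per peer number."""
    def __init__(self, number):
        self.number = number
        self.remembered = {}      # peer number -> secret from last good call

    def proof(self, peer, session_key):
        """Tag binding the remembered secret to this call's session key."""
        secret = self.remembered.get(peer)
        if secret is None:
            return None           # first contact: nothing to prove yet
        msg = self.number.encode() + session_key
        return hmac.new(secret, msg, hashlib.sha256).digest()

    def check(self, peer, session_key, tag):
        """Verify the peer's tag against the session key this unit negotiated."""
        secret = self.remembered.get(peer)
        if secret is None:
            return "first-contact"
        if tag is None:           # proof stripped in transit: treat as downgrade
            return "mitm-suspected"
        want = hmac.new(secret, peer.encode() + session_key,
                        hashlib.sha256).digest()
        return "ok" if hmac.compare_digest(want, tag) else "mitm-suspected"

def call(a, b, key_seen_by_a, key_seen_by_b):
    """One call. The two keys are equal unless someone sits in the middle."""
    a_view = a.check(b.number, key_seen_by_a, b.proof(a.number, key_seen_by_b))
    b_view = b.check(a.number, key_seen_by_b, a.proof(b.number, key_seen_by_a))
    if "mitm-suspected" not in (a_view, b_view):
        # Exchange a fresh secret inside the envelope for the next call.
        fresh = secrets.token_bytes(32)
        a.remembered[b.number] = fresh
        b.remembered[a.number] = fresh
    return a_view, b_view

def demo():
    alice, bob = Unit("555-0100"), Unit("555-0199")   # constructed numbers
    k1 = secrets.token_bytes(32)
    first = call(alice, bob, k1, k1)                  # clean first call
    # Later call with an interceptor: each side negotiated a different key.
    second = call(alice, bob, secrets.token_bytes(32), secrets.token_bytes(32))
    k3 = secrets.token_bytes(32)
    third = call(alice, bob, k3, k3)                  # clean call again
    return first, second, third
```

The scheme only helps once a clean call has happened: a first contact that is itself intercepted leaves each unit remembering a secret shared with the interceptor.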





