From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 10 Oct 1997 18:59:02 +0800
To: anon@anon.efga.org
Subject: Re: Defeating MITM with Eric's Secure Phone
In-Reply-To: <bf93dd7a6705c63ca0db70676cb3e3af@anon.efga.org>
Message-ID: <199710101045.LAA00179@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain




Monty Cantsin writes:
> My apologies if this has already been discussed, but wouldn't this be
> a straightforward solution?

John Kelsey described the same system.

[adding hex passphrase digits exchanged via PGP to display digits]

> Any flaws?

See my other recent post in this thread... I think it doesn't work
because Mallet can recover the passphrase.  You must remember that
when Mallet is actively doing a MITM attack he knows the digits on the
display of each party.  With that info he can recover the passphrase
by subtracting.  Then he can give Alice the correct checksum for the
link A<->M and Bob the correct checksum for the link M<->B.

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`