1994-02-06 - CERT advisory

Header Data

From: hughes@ah.com (Eric Hughes)
To: cypherpunks@toad.com
Message Hash: 78c30c93bd2ab7effe2673bef3ed8663c9a8512e32ad7f362651babcac73e46c
Message ID: <9402060343.AA17498@ah.com>
Reply To: <199402051944.LAA09776@mail.netcom.com>
UTC Datetime: 1994-02-06 03:45:49 UTC
Raw Date: Sat, 5 Feb 94 19:45:49 PST

Raw message

From: hughes@ah.com (Eric Hughes)
Date: Sat, 5 Feb 94 19:45:49 PST
To: cypherpunks@toad.com
Subject: CERT advisory
In-Reply-To: <199402051944.LAA09776@mail.netcom.com>
Message-ID: <9402060343.AA17498@ah.com>
MIME-Version: 1.0
Content-Type: text/plain

>> Since active interception is not nearly so easy as passive listening,

>This isn't true of anything but the aether itself or a point to point
>wire with integrity.  In any switched or networked system with routing,
>active interception is trivial.  

Possible?  Yes.

Trivial?  Bullshit.

It's all economics, and the resources required to intercept packets
and spoof protocols is significantly greater than that merely to watch
packets go by.  There are many fewer people with these greater
resources, which include access to routers.

Both active and passive attacks are possible in a packet forwarding
system.  Merely because both are possible does not mean that they are
the same.

D-H is not a panacea, but its use for password transmission would
completely solve the Ethernet sniffing problem.  That alone indicates
that active and passive attacks are different in nature and in the
defences appropriate.

D-H doesn't require any prearranged keying material, which is its
primary advantage against passive attacks.  Since distribution and
storage of keying material is an as-yet pragmatically unsolved
problem, it is unwise to insist upon prearranged keys when a partial
solution, D-H, is available immediately.