1994-07-08 - Re: Question: Key Distr. in realtimeo applications?

Header Data

From: gtoal@an-teallach.com (Graham Toal)
To: cypherpunks@toad.com
Message Hash: b0da7565b509ea29fdc21cae7a95690252d06fd543e8c6a5c424eb796cb4d3b9
Message ID: <199407081753.SAA16383@an-teallach.com>
Reply To: N/A
UTC Datetime: 1994-07-08 17:54:43 UTC
Raw Date: Fri, 8 Jul 94 10:54:43 PDT

Raw message

From: gtoal@an-teallach.com (Graham Toal)
Date: Fri, 8 Jul 94 10:54:43 PDT
To: cypherpunks@toad.com
Subject: Re: Question: Key Distr. in realtimeo applications?
Message-ID: <199407081753.SAA16383@an-teallach.com>
MIME-Version: 1.0
Content-Type: text/plain


: Ideally, you want to pick up your crypto-phone, initiate a call to
: another crypto-phone which you've never called before, and which was
: possibly manufactured yesterday, and be able to exchange keys with it
: in a secure fashion.  But I can't think of any way to do this, without
: opening yourself up to a man in the middle attack.

The physical key exchange can be done by Diffie-Helman, but as you note it
can be man-in-the-middled.  I think what the STU sets do is to print the 
other guy's keyprint that was actually used on an LCD on the phone, and you
read it back out to each other in voice mode.  Of course, that can be
m-i-t-m'd too but it's a damn sight harder...

G





Thread