From: Bill Frantz <frantz@netcom.com>
Date: Mon, 13 Oct 1997 14:52:43 +0800
To: "John Kelsey" <cypherpunks@Algebra.COM>
Subject: Re: Defeating MITM with Eric's Secure Phone
In-Reply-To: <199710110651.BAA02401@email.plnet.net>
Message-ID: <v03007801b0675fedb3e4@[207.94.249.103]>
MIME-Version: 1.0
Content-Type: text/plain



At 11:53 PM -0700 10/10/97, John Kelsey wrote:
>This is *almost* right.  We need to add one more thing,
>though:
>
>1.      Alice calls Mallory, thinking she's calling Bob.
>She reads the first three digits to him.  He makes the
>connection fall apart.  At the same time, Mallory calls Bob,
>pretending to be Alice, and causes the connection to fall
>apart at the same time.

John - You're absolutely right.  I haven't had a phone connection fail
after connect for a coon's age, but I remember the bad old days of living
in GTE-land.  (For example, the time I called my wife from work and she
asked me to call Kristine and have her call because no one in Los Gatos
could call out.)

A comm failure during authentication should be enough reason to go to the
next set of 16 words.

N.B. I was assuming that Alice would only commit one digit to Bob before
having Bob commit one digit to her.  It seems from our analysis that doing
it one digit at a time greatly improves the chances of catching Mallory
early.


-------------------------------------------------------------------------
Bill Frantz       | Internal surveillance      | Periwinkle -- Consulting
(408)356-8506     | helped make the USSR the   | 16345 Englewood Ave.
frantz@netcom.com | nation it is today.        | Los Gatos, CA 95032, USA