From: Human Gus-Peter <hgp@dev.null>
To: Adam Back <aba@dcs.ex.ac.uk>
Message Hash: 863f63cfed68d3d62c9fe954b01bd87fc965aa19effa597a88741de4964ed84e
Message ID: <343DE86D.51B9@dev.null>
Reply To: <199710091908.UAA00790@server.test.net>
UTC Datetime: 1997-10-10 10:00:46 UTC
Raw Date: Fri, 10 Oct 1997 18:00:46 +0800
From: Human Gus-Peter <hgp@dev.null>
Date: Fri, 10 Oct 1997 18:00:46 +0800
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: Defeating MITM with Eric's Secure Phone
In-Reply-To: <199710091908.UAA00790@server.test.net>
Message-ID: <343DE86D.51B9@dev.null>
MIME-Version: 1.0
Content-Type: text/plain
Adam Back wrote:
> John Kelsey <kelsey@plnet.net> writes:
> > Adam Back <aba@dcs.ex.ac.uk> writes:
> > [computationally infeasible jobs for MITMs]
> > I prefer to work on the more immediately useful problem: How can I
> > secure my use of the (very nicely done) Comsec secure phones using
> > existing infrastructure? I am concerned with the MITM voice
> > impersonation attack, since that's the easiest attack on the
> > system.
> We were discussing this problem before turning to talking about
> automated methods. I think Eric Blossom suggested this earlier on:
>
> > 1. Exchange PGP-encrypted e-mail establishing a set of
> > sixteen different words, labeled for 0..f in each direction.
> It seems like a good solution. An interesting question might be how
> many times can you use the same table without starting to leak values.
> Perhaps it doesn't matter that much because the MITM can't exactly use
> brute force on the problem otherwise you will know he's there. He has
> to act non-passively to extract information. (Presuming the protocol
> exchanges part of the information hashed for the challenge is
> encrypted with the negotiated key).
> I think you need an encryption function. It depends on how many times
> you wanted to re-use the passphrase. The "encryption" function could
> be very weak for one use. For lots of uses you'd need a real
> encryption function. Problem is encryption functions aren't typically
> very easy to perform as mental arithmetic exercises; and
> non-programmable calculators don't help much.
Plus - A table can be based on a previously agreed upon one-time pad,
such as the old-school spook classic, first three words, second
column, page 3, New York Times.
PlusPlus - On the InformEnergy Highway, this method can be further
obscured by use of data on an obscure website, text or source,
binary or hex, etc.
The point being, that one can use complex or obscure methodologies
to obtain the one-time pad table of the day, which can be simple
enough to calculate on-the-fly in one's head.
there Are Some Similar metHOds peopLe can useE
which can even be used by children, such as myself.
Kill Flags - When WE' RElying on FeatUres of suCh Kinds, Everyone
shoulD be using prearranged kill flags to signal danger.
Keep in mind that I may just be telling you these things because
I am a cop and trying to gain your confidence.
OTOH, how many cops have a:
Human Gus-Peter
Return to October 1997
Return to ““John Kelsey” <kelsey@plnet.net>”