1997-10-06 - Re: Secure phone

Header Data

From: Adam Back <aba@dcs.ex.ac.uk>
To: eb@comsec.com
Message Hash: a674c705dd64dbac028b3759b1f234c881b05954e3ba7cc480ae822783aed30e
Message ID: <199710060125.CAA03034@server.test.net>
Reply To: <199710032326.QAA19691@comsec.com>
UTC Datetime: 1997-10-06 08:08:02 UTC
Raw Date: Mon, 6 Oct 1997 16:08:02 +0800

Raw message

From: Adam Back <aba@dcs.ex.ac.uk>
Date: Mon, 6 Oct 1997 16:08:02 +0800
To: eb@comsec.com
Subject: Re: Secure phone
In-Reply-To: <199710032326.QAA19691@comsec.com>
Message-ID: <199710060125.CAA03034@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain




Eric Blossom <eb@comsec.com> writes:
> >Each party reads off a series of digits displayed on their screen.  Out
> >loud.  To each other.  Over the secure phone.
> >
> >The MITM attacker can't duplicate the hash on both ends, because a hash of
> >the public keys used to make the connection are different between the
> >MITM's public key and the real public keys.
> 
> In addition, to keep life even more interesting, prior to exchanging
> the public exponentials g^x and g^y, commitments (hashes) to those
> values are exchanged...  If the commitments don't match the final
> values, the protocol terminates.  

I can't see that this prevents MITM either.

Eve, the attacker, just sends commitments to the values she would have
sent in performing the MITM were there no commitments.

Still falls back to a belief that a well resourced attacker can't
splice audio in real time.

Say (for example) if someone smuggled me one of your phones, and I
called up Tim.  The only protection I'd have is recognizing Tim's
voice after hearing him speak breifly years ago.  (American accents
sound similar to me).

On the other hand, using persistent key public key crypto, Tim has
been signing his posts recently, and I have an ancient public key of
his stashed away which his new key is signed with.  If we were able to
construct a protocol to bolt on top of the reading of hashes, we could
have much greater protection against MITM.

To answer the other poster who opined that you had no business saying
things to people who's voices you don't recognize: nonsense.

We're saying things all the time to people who's voices we've _never_
heard with PGP.

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`

Thread

• Return to October 1997

• Return to “Adam Back <aba@dcs.ex.ac.uk>”
• Return to “Bill Frantz <frantz@netcom.com>”
• Return to “Bill Stewart <stewarts@ix.netcom.com>”
• Return to ““Carl M. Ellison” <cme@acm.org>”
• Return to “Eric Blossom <eb@comsec.com>”
• Return to “John Deters <jad@dsddhc.com>”

• Return to “The Spook <ts@dev.null>”

• Unknown thread root
  • 1997-10-02 (Fri, 3 Oct 1997 05:20:26 +0800) - Re: Secure phone - John Deters <jad@dsddhc.com>
    • 1997-10-03 (Sat, 4 Oct 1997 07:52:34 +0800) - Re: Secure phone - Eric Blossom <eb@comsec.com>
      • 1997-10-06 (Mon, 6 Oct 1997 16:08:02 +0800) - Re: Secure phone - Adam Back <aba@dcs.ex.ac.uk>
        • 1997-10-06 (Tue, 7 Oct 1997 04:02:19 +0800) - Re: Secure phone - Eric Blossom <eb@comsec.com>
          • 1997-10-06 (Tue, 7 Oct 1997 05:55:29 +0800) - using PGP email to authenticate Eric’s Secure phone - Adam Back <aba@dcs.ex.ac.uk>
        • 1997-10-07 (Tue, 7 Oct 1997 23:36:21 +0800) - Re: Secure phone - John Deters <jad@dsddhc.com>
          • 1997-10-07 (Wed, 8 Oct 1997 04:06:54 +0800) - Re: Secure phone - Eric Blossom <eb@comsec.com>
          • 1997-10-08 (Thu, 9 Oct 1997 02:34:10 +0800) - Re: Secure phone - John Deters <jad@dsddhc.com>
            • 1997-10-08 (Thu, 9 Oct 1997 06:55:21 +0800) - computationally infeasible jobs for MITMs (Re: Secure phone) - Adam Back <aba@dcs.ex.ac.uk>
            • 1997-10-09 (Thu, 9 Oct 1997 11:08:36 +0800) - Re: computationally infeasible jobs for MITMs (Re: Secure phone) - John Deters <jad@dsddhc.com>
            • 1997-10-10 (Fri, 10 Oct 1997 15:14:29 +0800) - Re: computationally infeasible jobs for MITMs (Re: Secure phone) - Bill Stewart <stewarts@ix.netcom.com>
              • 1997-10-10 (Fri, 10 Oct 1997 20:24:57 +0800) - authentication suggestion for secure phone (Re: computationally infeasible jobs for MITMs) - Adam Back <aba@dcs.ex.ac.uk>
              • 1997-10-10 (Fri, 10 Oct 1997 23:12:56 +0800) - Re: authentication suggestion for secure phone (Re: computationally infeasible jobs for MITMs) - John Deters <jad@dsddhc.com>
                • 1997-10-10 (Sat, 11 Oct 1997 01:21:13 +0800) - secure phone on a PCI card? (Re: authentication suggestion for secure phone) computationally infeasible jobs for MITMs) - Adam Back <aba@dcs.ex.ac.uk>
                  • 1997-10-10 (Sat, 11 Oct 1997 05:25:51 +0800) - Re: secure phone on a PCI card? (Re: authentication suggestion for secure phone) computationally infeasible jobs for MITMs) - Eric Blossom <eb@comsec.com>
                    • 1997-10-10 (Sat, 11 Oct 1997 07:40:56 +0800) - Re: secure phone on a PCI card? (Re: authentication suggestion for secure phone) computationally infeasible jobs for MITMs) - Adam Back <aba@dcs.ex.ac.uk>
              • 1997-10-10 (Sat, 11 Oct 1997 00:02:15 +0800) - Re: authentication suggestion for secure phone (Re: computationally infeasible jobs for MITMs) - The Spook <ts@dev.null>
          • 1997-10-09 (Thu, 9 Oct 1997 12:10:47 +0800) - Re: Secure phone - “Carl M. Ellison” <cme@acm.org>
      • 1997-10-06 (Tue, 7 Oct 1997 00:40:13 +0800) - Re: Secure phone - Bill Frantz <frantz@netcom.com>
        • 1997-10-06 (Tue, 7 Oct 1997 02:23:45 +0800) - Re: Secure phone - Adam Back <aba@dcs.ex.ac.uk>
          • 1997-10-06 (Tue, 7 Oct 1997 03:57:55 +0800) - Re: Secure phone - Eric Blossom <eb@comsec.com>
          • 1997-10-06 (Tue, 7 Oct 1997 04:02:35 +0800) - Re: Secure phone - Eric Blossom <eb@comsec.com>
        • 1997-10-07 (Tue, 7 Oct 1997 14:52:45 +0800) - Re: Secure phone - Bill Frantz <frantz@netcom.com>