1997-10-10 - Re: Defeating MITM with Eric’s Secure Phone

Header Data

From: Adam Back <aba@dcs.ex.ac.uk>
To: anon@anon.efga.org
Message Hash: baf460eb4dde2930b11c1122e208a080129f8481f8282a943efab32d469f3f9d
Message ID: <199710101045.LAA00179@server.test.net>
Reply To: <bf93dd7a6705c63ca0db70676cb3e3af@anon.efga.org>
UTC Datetime: 1997-10-10 10:59:02 UTC
Raw Date: Fri, 10 Oct 1997 18:59:02 +0800

Raw message

From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 10 Oct 1997 18:59:02 +0800
To: anon@anon.efga.org
Subject: Re: Defeating MITM with Eric's Secure Phone
In-Reply-To: <bf93dd7a6705c63ca0db70676cb3e3af@anon.efga.org>
Message-ID: <199710101045.LAA00179@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain




Monty Cantsin writes:
> My apologies if this has already been discussed, but wouldn't this be
> a straightforward solution?

John Kelsey described the same system.

[adding hex passphrase digits exchanged via PGP to display digits]

> Any flaws?

See my other recent post in this thread... I think it doesn't work
because Mallet can recover the passphrase.  You must remember that
when Mallet is actively doing a MITM attack he knows the digits on the
display of each party.  With that info he can recover the passphrase
by subtracting.  Then he can give Alice the correct checksum for the
link A<->M and Bob the correct checksum for the link M<->B.

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`






Thread