From: Eric Blossom <eb@comsec.com>
To: jad@dsddhc.com
Message Hash: c8ea20e0cd284651f208ac7e9b6550ae6610a6b9a1a751111755964b4ed2ce6c
Message ID: <199710032326.QAA19691@comsec.com>
Reply To: <3.0.3.32.19971002155954.00bfc7e0@labg30>
UTC Datetime: 1997-10-03 23:52:34 UTC
Raw Date: Sat, 4 Oct 1997 07:52:34 +0800
Subject: Re: Secure phone
>The MITM attack is thwarted by Lucky's note:
>>> DH and have the parties each read half of a hash of the public
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>> exponentials. No keys to store, no keys to remember, no keys to compromise.
> ^^^^^^^^^^^^^
>
>Each party reads off a series of digits displayed on their screen. Out
>loud. To each other. Over the secure phone.
>
>The MITM attacker can't duplicate the hash on both ends, because a hash of
>the public keys used to make the connection are different between the
>MITM's public key and the real public keys.

In addition, to keep life even more interesting, prior to exchanging
the public exponentials g^x and g^y, commitments (hashes) to those
values are exchanged... If the commitments don't match the final
values, the protocol terminates. See http://www.comsec.com/vp1-protocol.ps
for all the details.

Eric
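
The commit-then-reveal exchange and the spoken hash check described in this thread, as an added example that is not part of the original message or of the VP1 specification. SHA-256, the toy modulus, the six-digit string and all function and class names are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Assumed demo parameters: 2**127 - 1 is prime but far too small for real use.
P, G = 2**127 - 1, 3

def enc(n):
    return n.to_bytes(16, "big")

def commit(pub):
    """Commitment to a public exponential (assumed here: SHA-256 of its encoding)."""
    return hashlib.sha256(enc(pub)).digest()

def spoken_digits(caller_pub, callee_pub):
    """Six digits from a hash of both exponentials; each party reads one half aloud."""
    h = hashlib.sha256(enc(caller_pub) + enc(callee_pub)).digest()
    s = f"{int.from_bytes(h[:4], 'big') % 10**6:06d}"
    return s[:3], s[3:]

class Party:
    def __init__(self):
        self.x = secrets.randbelow(P - 2) + 1      # private exponent
        self.pub = pow(G, self.x, P)               # g^x mod p
        self.commitment = commit(self.pub)         # sent before self.pub

    def accept(self, peer_commitment, peer_pub):
        """Check the revealed value against the earlier commitment, then derive the key."""
        if commit(peer_pub) != peer_commitment:
            raise ValueError("commitment mismatch: terminate the protocol")
        self.peer_pub = peer_pub
        return pow(peer_pub, self.x, P)

def call(intercepted=False):
    """Return (caller's digits, callee's digits) for a direct or intercepted call."""
    alice, bob = Party(), Party()
    # An interceptor must run a separate exchange on each leg with its own values.
    to_alice, to_bob = (Party(), Party()) if intercepted else (bob, alice)
    alice.accept(to_alice.commitment, to_alice.pub)
    bob.accept(to_bob.commitment, to_bob.pub)
    return (spoken_digits(alice.pub, alice.peer_pub),
            spoken_digits(bob.peer_pub, bob.pub))

if __name__ == "__main__":
    print("direct:     ", call())
    print("intercepted:", call(intercepted=True))
```

On a direct call both ends derive the same digits; on an intercepted call each end hashes a different pair of exponentials, so the halves read aloud do not line up.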