1997-10-03 - Re: Secure phone

Header Data

From: Eric Blossom <eb@comsec.com>
To: jad@dsddhc.com
Message Hash: c8ea20e0cd284651f208ac7e9b6550ae6610a6b9a1a751111755964b4ed2ce6c
Message ID: <199710032326.QAA19691@comsec.com>
Reply To: <3.0.3.32.19971002155954.00bfc7e0@labg30>
UTC Datetime: 1997-10-03 23:52:34 UTC
Raw Date: Sat, 4 Oct 1997 07:52:34 +0800

Raw message

From: Eric Blossom <eb@comsec.com>
Date: Sat, 4 Oct 1997 07:52:34 +0800
To: jad@dsddhc.com
Subject: Re: Secure phone
In-Reply-To: <3.0.3.32.19971002155954.00bfc7e0@labg30>
Message-ID: <199710032326.QAA19691@comsec.com>
MIME-Version: 1.0
Content-Type: text/plain



>The MITM attack is thwarted by Lucky's note:
>>> DH and have the parties each read half of a hash of the public
>          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>> exponentials. No keys to store, no keys to remember, no keys to compromise.
>   ^^^^^^^^^^^^^
>
>Each party reads off a series of digits displayed on their screen.  Out
>loud.  To each other.  Over the secure phone.
>
>The MITM attacker can't duplicate the hash on both ends, because a hash of
>the public keys used to make the connection are different between the
>MITM's public key and the real public keys.

In addition, to keep life even more interesting, prior to exchanging
the public exponentials g^x and g^y, commitments (hashes) to those
values are exchanged...  If the commitments don't match the final
values, the protocol terminates.  See http://www.comsec.com/vp1-protocol.ps 
for all the details.

Eric
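
The exchange described in this message (commit to g^x and g^y first, reveal them, then have each party read half of a hash of the two values aloud), as an added example that is not part of the original message and not taken from the linked protocol document. SHA-256, the toy group, the 8-digit string and the names `Party`, `call` and `read_aloud_check` are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption; not the parameters of any real product).
P = 2**255 - 19
G = 2

def h(*values):
    """SHA-256 over fixed-width encodings of the given integers."""
    return hashlib.sha256(b"".join(v.to_bytes(32, "big") for v in values)).digest()

class Party:
    def __init__(self):
        self.secret = secrets.randbelow(P - 2) + 1
        self.public = pow(G, self.secret, P)      # g^x
        self.commitment = h(self.public)          # sent before g^x is revealed

    def receive(self, peer_commitment, peer_public):
        # Terminate if the revealed value does not match the earlier commitment.
        if h(peer_public) != peer_commitment:
            raise ValueError("commitment mismatch, terminating")
        self.peer_public = peer_public

    def digits(self, initiator):
        # Both ends hash (initiator value, responder value) in the same order.
        pair = (self.public, self.peer_public) if initiator else (self.peer_public, self.public)
        return f"{int.from_bytes(h(*pair)[:8], 'big') % 10**8:08d}"

def call(mitm=False):
    """Return the digit strings shown on the caller's and callee's screens."""
    alice, bob = Party(), Party()
    if mitm:
        # The interceptor must run a separate exchange with each end.
        to_alice, to_bob = Party(), Party()
        alice.receive(to_alice.commitment, to_alice.public)
        bob.receive(to_bob.commitment, to_bob.public)
    else:
        alice.receive(bob.commitment, bob.public)
        bob.receive(alice.commitment, alice.public)
    return alice.digits(initiator=True), bob.digits(initiator=False)

def read_aloud_check(caller_digits, callee_digits):
    # Caller reads the first half, callee the second; each compares with their own screen.
    return caller_digits[:4] == callee_digits[:4] and caller_digits[4:] == callee_digits[4:]

if __name__ == "__main__":
    print("direct call:", read_aloud_check(*call()))
    print("intercepted call:", read_aloud_check(*call(mitm=True)))
```
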





