1997-10-03 - Re: Secure phone
Header Data
From: Eric Blossom <eb@comsec.com>
To: jad@dsddhc.com
Message Hash: c8ea20e0cd284651f208ac7e9b6550ae6610a6b9a1a751111755964b4ed2ce6c
Message ID: <199710032326.QAA19691@comsec.com>
Reply To: <3.0.3.32.19971002155954.00bfc7e0@labg30>
UTC Datetime: 1997-10-03 23:52:34 UTC
Raw Date: Sat, 4 Oct 1997 07:52:34 +0800
Raw message
From: Eric Blossom <eb@comsec.com>
Date: Sat, 4 Oct 1997 07:52:34 +0800
To: jad@dsddhc.com
Subject: Re: Secure phone
In-Reply-To: <3.0.3.32.19971002155954.00bfc7e0@labg30>
Message-ID: <199710032326.QAA19691@comsec.com>
MIME-Version: 1.0
Content-Type: text/plain
>The MITM attack is thwarted by Lucky's note:
>>> DH and have the parties each read half of a hash of the public
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>> exponentials. No keys to store, no keys to remember, no keys to compromise.
> ^^^^^^^^^^^^^
>
>Each party reads off a series of digits displayed on their screen. Out
>loud. To each other. Over the secure phone.
>
>The MITM attacker can't duplicate the hash on both ends, because a hash of
>the public keys used to make the connection are different between the
>MITM's public key and the real public keys.
In addition, to keep life even more interesting, prior to exchanging
the public exponentials g^x and g^y, commitments (hashes) to those
values are exchanged... If the commitments don't match the final
values, the protocol terminates. See http://www.comsec.com/vp1-protocol.ps
for all the details.
Eric
Thread
Return to October 1997
- Return to “Adam Back <aba@dcs.ex.ac.uk>”
- Return to “Bill Frantz <frantz@netcom.com>”
- Return to “Bill Stewart <stewarts@ix.netcom.com>”
- Return to ““Carl M. Ellison” <cme@acm.org>”
- Return to “Eric Blossom <eb@comsec.com>”
- Return to “John Deters <jad@dsddhc.com>”
Return to “The Spook <ts@dev.null>”
- Unknown thread root
- 1997-10-02 (Fri, 3 Oct 1997 05:20:26 +0800) - Re: Secure phone - John Deters <jad@dsddhc.com>
- 1997-10-03 (Sat, 4 Oct 1997 07:52:34 +0800) - Re: Secure phone - Eric Blossom <eb@comsec.com>
- 1997-10-06 (Mon, 6 Oct 1997 16:08:02 +0800) - Re: Secure phone - Adam Back <aba@dcs.ex.ac.uk>
- 1997-10-06 (Tue, 7 Oct 1997 04:02:19 +0800) - Re: Secure phone - Eric Blossom <eb@comsec.com>
- 1997-10-06 (Tue, 7 Oct 1997 05:55:29 +0800) - using PGP email to authenticate Eric’s Secure phone - Adam Back <aba@dcs.ex.ac.uk>
- 1997-10-07 (Tue, 7 Oct 1997 23:36:21 +0800) - Re: Secure phone - John Deters <jad@dsddhc.com>
- 1997-10-07 (Wed, 8 Oct 1997 04:06:54 +0800) - Re: Secure phone - Eric Blossom <eb@comsec.com>
- 1997-10-08 (Thu, 9 Oct 1997 02:34:10 +0800) - Re: Secure phone - John Deters <jad@dsddhc.com>
- 1997-10-08 (Thu, 9 Oct 1997 06:55:21 +0800) - computationally infeasible jobs for MITMs (Re: Secure phone) - Adam Back <aba@dcs.ex.ac.uk>
- 1997-10-09 (Thu, 9 Oct 1997 11:08:36 +0800) - Re: computationally infeasible jobs for MITMs (Re: Secure phone) - John Deters <jad@dsddhc.com>
- 1997-10-10 (Fri, 10 Oct 1997 15:14:29 +0800) - Re: computationally infeasible jobs for MITMs (Re: Secure phone) - Bill Stewart <stewarts@ix.netcom.com>
- 1997-10-10 (Fri, 10 Oct 1997 20:24:57 +0800) - authentication suggestion for secure phone (Re: computationally infeasible jobs for MITMs) - Adam Back <aba@dcs.ex.ac.uk>
- 1997-10-10 (Fri, 10 Oct 1997 23:12:56 +0800) - Re: authentication suggestion for secure phone (Re: computationally infeasible jobs for MITMs) - John Deters <jad@dsddhc.com>
- 1997-10-10 (Sat, 11 Oct 1997 01:21:13 +0800) - secure phone on a PCI card? (Re: authentication suggestion for secure phone) computationally infeasible jobs for MITMs) - Adam Back <aba@dcs.ex.ac.uk>
- 1997-10-10 (Sat, 11 Oct 1997 05:25:51 +0800) - Re: secure phone on a PCI card? (Re: authentication suggestion for secure phone) computationally infeasible jobs for MITMs) - Eric Blossom <eb@comsec.com>
- 1997-10-10 (Sat, 11 Oct 1997 07:40:56 +0800) - Re: secure phone on a PCI card? (Re: authentication suggestion for secure phone) computationally infeasible jobs for MITMs) - Adam Back <aba@dcs.ex.ac.uk>
- 1997-10-10 (Sat, 11 Oct 1997 05:25:51 +0800) - Re: secure phone on a PCI card? (Re: authentication suggestion for secure phone) computationally infeasible jobs for MITMs) - Eric Blossom <eb@comsec.com>
- 1997-10-10 (Sat, 11 Oct 1997 01:21:13 +0800) - secure phone on a PCI card? (Re: authentication suggestion for secure phone) computationally infeasible jobs for MITMs) - Adam Back <aba@dcs.ex.ac.uk>
- 1997-10-10 (Sat, 11 Oct 1997 00:02:15 +0800) - Re: authentication suggestion for secure phone (Re: computationally infeasible jobs for MITMs) - The Spook <ts@dev.null>
- 1997-10-09 (Thu, 9 Oct 1997 12:10:47 +0800) - Re: Secure phone - “Carl M. Ellison” <cme@acm.org>
- 1997-10-06 (Tue, 7 Oct 1997 04:02:19 +0800) - Re: Secure phone - Eric Blossom <eb@comsec.com>
- 1997-10-06 (Tue, 7 Oct 1997 00:40:13 +0800) - Re: Secure phone - Bill Frantz <frantz@netcom.com>
- 1997-10-06 (Tue, 7 Oct 1997 02:23:45 +0800) - Re: Secure phone - Adam Back <aba@dcs.ex.ac.uk>
- 1997-10-06 (Tue, 7 Oct 1997 03:57:55 +0800) - Re: Secure phone - Eric Blossom <eb@comsec.com>
- 1997-10-06 (Tue, 7 Oct 1997 04:02:35 +0800) - Re: Secure phone - Eric Blossom <eb@comsec.com>
- 1997-10-07 (Tue, 7 Oct 1997 14:52:45 +0800) - Re: Secure phone - Bill Frantz <frantz@netcom.com>
- 1997-10-06 (Tue, 7 Oct 1997 02:23:45 +0800) - Re: Secure phone - Adam Back <aba@dcs.ex.ac.uk>
- 1997-10-06 (Mon, 6 Oct 1997 16:08:02 +0800) - Re: Secure phone - Adam Back <aba@dcs.ex.ac.uk>
- 1997-10-03 (Sat, 4 Oct 1997 07:52:34 +0800) - Re: Secure phone - Eric Blossom <eb@comsec.com>
- 1997-10-02 (Fri, 3 Oct 1997 05:20:26 +0800) - Re: Secure phone - John Deters <jad@dsddhc.com>