1997-10-06 - Re: Secure phone

Header Data

From: Eric Blossom <eb@comsec.com>
To: aba@dcs.ex.ac.uk
Message Hash: d3deb0b2eeb521ff7c62d97155015fa4398cf04180b0c13468e20ca252ffcd71
Message ID: <199710061917.MAA22966@comsec.com>
Reply To: <199710061757.SAA01293@server.test.net>
UTC Datetime: 1997-10-06 19:57:55 UTC
Raw Date: Tue, 7 Oct 1997 03:57:55 +0800

Raw message

From: Eric Blossom <eb@comsec.com>
Date: Tue, 7 Oct 1997 03:57:55 +0800
To: aba@dcs.ex.ac.uk
Subject: Re: Secure phone
In-Reply-To: <199710061757.SAA01293@server.test.net>
Message-ID: <199710061917.MAA22966@comsec.com>
MIME-Version: 1.0
Content-Type: text/plain



> Bill Frantz <frantz@netcom.com> writes:
> > At 6:25 PM -0700 10/5/97, Adam Back wrote:
> > >On the other hand, using persistent key public key crypto, Tim has
> > >been signing his posts recently, and I have an ancient public key of
> > >his stashed away which his new key is signed with.  If we were able to
> > >construct a protocol to bolt on top of the reading of hashes, we could
> > >have much greater protection against MITM.
> > 
> > Of course if you can use PGP as well as the secure phone, you can use PGP
> > to exchange a pad of one-time passwords.
> 
> The passwords alone don't do you any good: if you read them out over
> the phone, Eve can just repeat them.

There's no reason you couldn't use the passwords in a bidirectional
challenge/response scenario.  The units can pass (optionally
encrypted) control messages back and forth while in secure voice mode.

Eric






Thread