Anton Stiglic wrote:
> That's false. Alice and Bob can follow the basic DH protocol, exactly, but
> Mallory is in the middle, and what you end up with is a shared key between
> Alice and Bob and Mallory.

No. What you get is a shared key between Bob and Mallory and *another* shared key between Alice and Mallory.

This is important for many reasons. First, it provides a way to detect that a MITM attack has occurred. For example, if the MITM is not there at any time forth after key agreement, the DH-based encryption/decryption will not work since Alice and Bob did NOT share a secret key when under the MITM attack. As another example, if Alice and Bob can communicate using another channel, even an ongoing MITM attack can be likewise discovered.

Second, and most importantly, this provides a provable way to defeat MITM using plain DH. For a set of communication channels, not necessarily 100% independent from each other, if the probability of successfully mounting a MITM attack is a(i) < 1 for each channel i, then by using N channels of communication we can make the probability of a successful MITM attack as small as we desire and, thus, defeat a MITM attack even using plain DH [1]. Moreover, this method can present an increasing challenge to Mallory's computing resources and timing, such that the probability a(i) itself should further decrease with more channels. In other words, Mallory can only juggle so many balls.

I pointed this out some years ago at the MCG list. It's possible to have at least one open and anonymous protocol immune to MITM -- which I called multi-channel DH.

Cheers,
Ed Gerck

[1] In a stronger form, we can allow the probability of successfully mounting a MITM attack to be a(i) = 1 for all except for one channel in the set and still can make the probability of a successful MITM attack as small as we desire, so that we can still defeat a MITM attack using plain DH.

---------------------------------------------------------------------
The Cryptography Mailing List
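The two-key outcome described in the message above, and the detection by comparing over another channel, as an added example that is not part of the original post. The toy group (P, G), the function names and the fingerprint format are assumptions made for illustration, and the comparison channel is assumed to be one Mallory does not control.

```python
import hashlib
import secrets

# Toy group, assumed for this example only: the Mersenne prime 2^127 - 1
# is far too small for real use but keeps the run fast.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent x, public value G^x mod P)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def session_key(own_private, peer_public):
    """Hash the DH shared secret into a 32-byte session key."""
    secret = pow(peer_public, own_private, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def fingerprint(key):
    """Short digest the two ends compare over a second channel."""
    return hashlib.sha256(b"fp|" + key).hexdigest()[:16]

def run_exchange(mitm):
    """Plain DH; with mitm=True each side receives Mallory's public value."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    mallory = None
    if mitm:
        m_priv, m_pub = keypair()
        # Mallory ends up with one key per victim, not one three-way key.
        mallory = (session_key(m_priv, a_pub), session_key(m_priv, b_pub))
        a_sees, b_sees = m_pub, m_pub
    else:
        a_sees, b_sees = b_pub, a_pub
    return session_key(a_priv, a_sees), session_key(b_priv, b_sees), mallory

def mismatch_detected(k_alice, k_bob):
    """True when the fingerprints compared out of band do not match."""
    return fingerprint(k_alice) != fingerprint(k_bob)

if __name__ == "__main__":
    for mitm in (False, True):
        ka, kb, _ = run_exchange(mitm)
        print(f"mitm={mitm}: mismatch detected = {mismatch_detected(ka, kb)}")
```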
