If what you want to know is how to prevent man-in-the-middle attacks, then I think this article might be helpful:
http://www-128.ibm.com/developerworks/linux/library/l-openssl2.html?ca=dgr-lnxw06SecureHandshake

The essential point to remember is you have to be able to prove you are communicating with a particular person/server (otherwise they could be anyone). In general this requires there to be someone else you trust -- which may or may not suit your application.

On Aug 17, 2:34 am, Oleg <[EMAIL PROTECTED]> wrote:
> Good day.
>
> We have client-server. Each client uses a password for authentication,
> server has hashes of passwords. After successful authentication
> client and server transmit some data.
>
> We need to encrypt transmitting data. As I understand, reading this
> list, we need to generate session key and encrypt data, using this
> key. I found that DH is one of the algorithms for session key generation.
> But it is insecure against the man-in-the-middle attack. Could we somehow use
> password hash to raise the security?
>
> I would be very much obliged to you if you will give me some
> directions to google.

You received this message because you are subscribed to the "Crypto++ Users" Google Group.
More information about Crypto++ and this group is available at http://www.cryptopp.com.
