On Tue, Mar 9, 2010 at 12:48 AM, Olivier Nicole <olivier.nic...@cs.ait.ac.th > wrote:
> > What happened to Diffie-Hellman? Last I heard, its whole point was
> > to enable secure communication, protected from both eavesdropping
> > and MIM attacks, between systems having no prior trust relationship
> > (e.g. any sort of pre-shared secret). What stops the server and
> > client from establishing a Diffie-Hellman session and using it to
> > perform the key exchange?
>
> I am not an expert in cryptography, but logic tends to tell me that if I
> have no prior knowledge about the person I am about to talk to,
> anybody (MIM) could pretend to be that person.
>
> The pre-shared information need not be secret (key fingerprints are
> not secret), but there is need for pre-shared trusted information.
>

But to some extent, we set up and configure these machines ourselves. So when we're adding users, could we not have an additional field with something like a phrase/answer or something else like that? Obviously it could be completely optional, but it would be kind of neat and probably not too difficult to implement.

Mark
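The point debated in this thread, as an added example that is not part of the original messages: a Diffie-Hellman exchange with no pre-shared information accepts whatever public value arrives, while a fingerprint obtained in advance (not secret, only trusted) exposes a substituted value. The toy group, the function names and the fingerprint format are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption): 2**127 - 1 is prime,
# but far too small for real use.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent, public value G^priv mod P)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_key(priv, peer_pub):
    """Derive a session key from our private exponent and the peer's public value."""
    return hashlib.sha256(str(pow(peer_pub, priv, P)).encode()).hexdigest()

def fingerprint(pub):
    """Short, non-secret digest of a public value, suitable for out-of-band comparison."""
    return hashlib.sha256(str(pub).encode()).hexdigest()[:32]

def exchange(client_priv, received_pub, pinned_fp=None):
    """Client side: if a fingerprint was obtained beforehand, check it before deriving a key."""
    if pinned_fp is not None and fingerprint(received_pub) != pinned_fp:
        raise ValueError("received public value does not match pinned fingerprint")
    return shared_key(client_priv, received_pub)

def demo():
    c_priv, c_pub = keypair()   # client
    s_priv, s_pub = keypair()   # real server
    m_priv, m_pub = keypair()   # party in the middle, substituting its own public value

    # Direct path: both ends derive the same key.
    honest = exchange(c_priv, s_pub) == shared_key(s_priv, c_pub)

    # No prior knowledge: the client cannot tell m_pub from s_pub, so it ends up
    # sharing a key with the middle party instead of the server.
    client_key = exchange(c_priv, m_pub)
    undetected = (client_key == shared_key(m_priv, c_pub)
                  and client_key != shared_key(s_priv, c_pub))

    # Same substituted value, but the client holds the server's fingerprint.
    try:
        exchange(c_priv, m_pub, pinned_fp=fingerprint(s_pub))
        detected = False
    except ValueError:
        detected = True
    return honest, undetected, detected

if __name__ == "__main__":
    print(demo())
```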