begin quoting David Brown as of Thu, Dec 06, 2007 at 10:06:16AM -0800: > On Thu, Dec 06, 2007 at 09:38:00AM -0800, SJS wrote: > > >Easy approach would be to send an ssh public key, and then ssh in to the > >other's machine. > > You need to have the recipient out-of-band verify the public key, otherwise > the attacker can do a man-in-the middle attack (although one with > complicated timing). A voice channel to verify the key helps a lot.
Yup. SSH fingerprints are nice an' easy to verify. > >Otherwise, this is just screaming out for a Diffie-Hellman key exchange. > > You still have to authenticate the other party in a DH key exchange, > otherwise a man-in-the-middle attack is very easy. Well, they have the super-seekret phone line. Presumably they can recognize each other's voices, and what they're exchanging is the scrambler settings. But it's a good point... is this protection against an eavesdropper, or an active attacker? > There's quite a bit of difference between a key-fob and an email message. > A key fob is designed to be difficult/expensive to compromise, whereas an > email is pretty close to a public channel. It's practially a postcard. That's faxed everywhere. By hostile robots. -- Do you know where your postcards are? Stewart Stremler -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
