[12600] in cryptography@c2.net mail archive
Applied Cryptography: question on skid3
daemon@ATHENA.MIT.EDU (MindFuq)
Sun Mar 2 13:23:19 2003
X-Original-To: cryptography@wasabisystems.com
X-Original-To: cryptography@wasabisystems.com
Date: Sun, 2 Mar 2003 02:24:29 +0000
From: MindFuq <mindfuq@comcast.net>
To: cryptography@wasabisystems.com
I have a question on what seems to be a defect in the Applied
Cryptography book, and I couldn't get an answer out of Schneier or the
cypherpunks mailing list. Could any of you please clarify my issue?
My question is regarding Schneier's write up of SKID3 on page 56. He
states that the protocol is not secure against man-in-the-middle
attacks because no secrets are involved. I'm finding this hard to
accept, because SKID3 uses a MAC, which requires a shared secret key
between the two parties. I played out the scenario, and cannot see
how a man in the middle could attack w/out knowing the secret key used
in the MAC.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
