[12624] in cryptography@c2.net mail archive
Re: Applied Cryptography: question on skid3
daemon@ATHENA.MIT.EDU (David Hopwood)
Wed Mar 5 18:50:38 2003
X-Original-To: cryptography@wasabisystems.com
Date: Mon, 03 Mar 2003 21:42:38 +0000
From: David Hopwood <david.hopwood@zetnet.co.uk>
To: cryptography@wasabisystems.com
MindFuq wrote:
> I have a question on what seems to be a defect in the Applied
> Cryptography book, and I couldn't get an answer out of Schneier or the
> cypherpunks mailing list. Could any of you please clarify my issue?
>
> My question is regarding Schneier's write up of SKID3 on page 56. He
> states that the protocol is not secure against man-in-the-middle
> attacks because no secrets are involved. I'm finding this hard to
> accept, because SKID3 uses a MAC, which requires a shared secret key
> between the two parties. I played out the scenario, and cannot see
> how a man in the middle could attack w/out knowing the secret key used
> in the MAC.
You're correct, AFAICS.
--
David Hopwood <david.hopwood@zetnet.co.uk>
Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
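
The scenario discussed in this thread, as an added example that is not part of the original messages: the SKID3 exchange run once honestly and once with a party in the middle that does not hold the shared key K. HMAC-SHA256 is assumed as the MAC, and the names `Party`, `run` and `k_middle` are hypothetical.

```python
import hashlib
import hmac
import secrets

def mac(key: bytes, *fields: bytes) -> bytes:
    # Length-prefix every field so the MAC input parses unambiguously.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

class Party:
    def __init__(self, name: bytes, key: bytes):
        self.name, self.key = name, key
        self.nonce = secrets.token_bytes(16)  # fresh R_A or R_B per run

def bob_respond(bob, r_a):
    # Step 2, B -> A: R_B, H_K(R_A, R_B, B)
    return bob.nonce, mac(bob.key, r_a, bob.nonce, bob.name)

def alice_check_and_respond(alice, peer, r_b, tag):
    # Step 3: Alice recomputes H_K(R_A, R_B, B); on a match, A -> B: H_K(R_B, A)
    expected = mac(alice.key, alice.nonce, r_b, peer)
    if not hmac.compare_digest(tag, expected):
        return None
    return mac(alice.key, r_b, alice.name)

def bob_check(bob, peer, tag):
    # Step 4: Bob recomputes H_K(R_B, A)
    return hmac.compare_digest(tag, mac(bob.key, bob.nonce, peer))

def run(k, k_middle=None):
    """Return (alice_accepts, bob_accepts). With k_middle set, a party
    between them that does not hold k replaces both MACed messages."""
    alice, bob = Party(b"A", k), Party(b"B", k)
    r_a = alice.nonce                          # Step 1, A -> B: R_A
    r_b, tag_b = bob_respond(bob, r_a)
    if k_middle is not None:                   # substituted reply to Alice
        r_b = secrets.token_bytes(16)
        tag_b = mac(k_middle, r_a, r_b, b"B")
    tag_a = alice_check_and_respond(alice, b"B", r_b, tag_b)
    alice_ok = tag_a is not None
    if k_middle is not None:                   # substituted reply to Bob
        tag_a = mac(k_middle, bob.nonce, b"A")
    return alice_ok, tag_a is not None and bob_check(bob, b"A", tag_a)

if __name__ == "__main__":
    k = secrets.token_bytes(32)                # constructed shared key
    print("honest run:       ", run(k))
    print("middle without K: ", run(k, secrets.token_bytes(32)))
```

Both MAC checks bind the verifier's own fresh nonce, so a tag computed under any key other than K fails at whichever side receives it.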