[1744] in cryptography@c2.net mail archive


Re: Defeating MITM with Eric's Secure Phone

daemon@ATHENA.MIT.EDU (Bill Frantz)
Mon Oct 13 12:13:07 1997

In-Reply-To: <199710110651.BAA02401@email.plnet.net>
Date: Sun, 12 Oct 1997 22:27:16 -0700
To: "John Kelsey" <kelsey@plnet.net>,
        "Perry's Crypto List" <cryptography@c2.net>,
        "cypherpunks" <cypherpunks@algebra.com>
From: Bill Frantz <frantz@netcom.com>

At 11:53 PM -0700 10/10/97, John Kelsey wrote:
>This is *almost* right.  We need to add one more thing,
>though:
>
>1.      Alice calls Mallory, thinking she's calling Bob.
>She reads the first three digits to him.  He makes the
>connection fall apart.  At the same time, Mallory calls Bob,
>pretending to be Alice, and causes the connection to fall
>apart at the same time.

John - You're absolutely right.  I haven't had a phone connection fail
after connect for a coon's age, but I remember the bad old days of living
in GTE-land.  (For example, the time I called my wife from work and she
asked me to call Kristine and have her call because no one in Los Gatos
could call out.)

A comm failure during authentication should be enough reason to go to the
next set of 16 words.

N.B. I was assuming that Alice would only commit one digit to Bob before
having Bob commit one digit to her.  It seems from our analysis that doing
it one digit at a time greatly improves the chances of catching Mallory
early.


-------------------------------------------------------------------------
Bill Frantz       | Internal surveillance      | Periwinkle -- Consulting
(408)356-8506     | helped make the USSR the   | 16345 Englewood Ave.
frantz@netcom.com | nation it is today.        | Los Gatos, CA 95032, USA


