[2115] in cryptography@c2.net mail archive


Re: Something really new??

daemon@ATHENA.MIT.EDU (Barney Wolff)
Fri Feb 6 14:46:38 1998

From: Barney Wolff <barney@databus.com>
To: cryptography@c2.net
Date: Fri, 6 Feb 1998 14:07 EST

With all due respect, this seems like overkill.  It's easy (and I would
have thought obvious) to make this determination using existing
algorithms.  A and B each pick a large random number, say Ra and Rb, and
exchange them.  A computes a keyed hash of (A,Rb,Ra) and sends it to B,
while B computes the hash of (B,Ra,Rb) and sends it to A.

Iff the pairs of hashes match, both A and B know the same secret, but if
the hashes do not match, nothing about the secret known to either side
has been revealed, either to the other party or to any third party.
Even if A and B do not trust each other, neither can gain anything by
waiting to see the other's random or hash.  An active attacker can
pretend to be either side, which can be prevented by splitting the
randoms.  I didn't see anything in the "discovery" that would prevent
active attacks.

Ok, so what am I missing?

Barney Wolff  <barney@databus.com>
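
The exchange described in the message above, as an added example that is not part of the original post: both sides trade randoms, then keyed hashes, and each recomputes what the other should have sent. Assumptions made here: HMAC-SHA256 keyed by the secret stands in for the "keyed hash", the randoms are 32 bytes, fields are length-prefixed, the secret is high-entropy, and all function and class names are hypothetical.

```python
import hashlib
import hmac
import secrets


def _encode(*fields: bytes) -> bytes:
    # Length-prefix each field so (b"A", b"BC") and (b"AB", b"C") cannot collide.
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def proof(secret: bytes, sender: bytes, peer_nonce: bytes, own_nonce: bytes) -> bytes:
    # Keyed hash of (identity, peer's random, own random); HMAC is an assumption.
    msg = _encode(sender, peer_nonce, own_nonce)
    return hmac.new(secret, msg, hashlib.sha256).digest()


class Party:
    def __init__(self, name: bytes, secret: bytes):
        self.name, self.secret = name, secret
        self.nonce = secrets.token_bytes(32)  # Ra or Rb in the message

    def send_proof(self, peer_nonce: bytes) -> bytes:
        return proof(self.secret, self.name, peer_nonce, self.nonce)

    def check_peer(self, peer: bytes, peer_nonce: bytes, peer_proof: bytes) -> bool:
        # Recompute what the peer would send if it held our secret;
        # compare in constant time.
        expected = proof(self.secret, peer, self.nonce, peer_nonce)
        return hmac.compare_digest(expected, peer_proof)


def run_exchange(secret_a: bytes, secret_b: bytes) -> tuple:
    a, b = Party(b"A", secret_a), Party(b"B", secret_b)
    ra, rb = a.nonce, b.nonce        # messages 1 and 2: exchange randoms
    ha = a.send_proof(rb)            # message 3: keyed hash of (A, Rb, Ra)
    hb = b.send_proof(ra)            # message 4: keyed hash of (B, Ra, Rb)
    return a.check_peer(b"B", rb, hb), b.check_peer(b"A", ra, ha)


def echoed_proof_rejected(secret: bytes) -> bool:
    # Defensive check: because the sender identity is hashed in, A's own
    # random and proof played back to A do not verify as coming from B.
    a = Party(b"A", secret)
    own = a.send_proof(a.nonce)
    return not a.check_peer(b"B", a.nonce, own)
```

The verdict is a single bit per side: on a mismatch each party learns only that the other's hash did not verify under its own secret.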
