[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Im talking about the man in the middle

To: Bill Stewart <bill.stewart@pobox.com>
Subject: Re: Im talking about the man in the middle
From: John Hackworth <zooko@wildgoose.tandu.com>
Date: Wed, 23 Jun 1999 14:43:16 -0600
cc: Tony Gurnick <TonyG@clemenger.co.nz>, "'cypherpunks@toad.com'" <cypherpunks@toad.com>
In-Reply-To: Message from Bill Stewart <bill.stewart@pobox.com> of "Wed, 23 Jun 1999 01:22:55 PDT." <3.0.5.32.19990623012255.00947a50@idiom.com>
Sender: owner-cypherpunks@toad.com


 A million secret agents operating under the pseudonym
 "Bill Stewart <bill.stewart@pobox.com>" typed:
>
> If you don't know who the man on the other end is, except
> by who he says he is, you don't have any way to tell who he is.
> 	(Well, you can probably tell that he isn't you, 
> 	at least if you're human, unless you're a solipsist or confused.)
> Can you tell if the man in the middle is really in the middle
> or really at the other end?  Naah.


Hm.  It's not quite as simple as just "No.".  In some cases 
(alluded to below), you _can_ tell.


> There's a variant on Diffie-Hellman that lets you annoy the
> man in the middle by sending your encrypted message in two parts,
> but it doesn't cover all the possible attacks,
> and it certainly can't make up for the lack of shared information.
> (Rivest-Shamir Interlock Protocol, see Pg. 49 of Schneier.)


Schneier's summary of the Interlock Protocol misses the most 
important point: that the Interlock Protocol is useful only for
"full-duplex" communications, in which both parties are sending
information to one another simultaneously.  The much more 
common case is "half-duplex" communications, in which each 
party first listens to the other, then says something, then 
listens again, etc.


(Then there's the added subtlety that Mitch (the Man In The 
CHannel) can always perfectly emulate any agent whose behavior
is determined solely by publically known algorithms and 
randomly generated numbers...  But of course almost none of the
interactions that we actually care about are composed _solely_
of those kinds of protocols...)


If you're interested in the Interlock Protocol, Tony, it's 
better to read Rivest and Shamir's paper entitled "How to 
Expose an Eavesdropper" in "Communications of the ACM" v.27 n.4
Apr.  1984 than to just read Schneier's description.  (For 
people who, like me, are intimidated by complicated stuff, 
Rivest and Shamir's original paper is actually clearer and 
easier to read than Schneier's version.)


And by the way, as far as I can tell you should just ignore 
"Mutual Authentication Using the Interlock Protocol" on p.54 of
Schneier.  The scheme described is pretty much broken by Steve
Bellovin, and anyway since it assumes that Alice and Bob share
secrets to begin with I don't see why they wouldn't just use a
simpler authentication system.



Regards,

Zooko, as far as you know

-------
mailto: zooko@wildgoose.tandu.com
http://wildgoose.tandu.com/~zooko/

References:
- RE: Im talking about the man in the middle
  - From: Bill Stewart <bill.stewart@pobox.com>