Applied Cryptography: question on skid3
MindFuq
mindfuq at comcast.net
Sat Mar 1 21:24:29 EST 2003
I have a question on what seems to be a defect in the Applied
Cryptography book, and I couldn't get an answer out of Schneier or the
cypherpunks mailing list. Could any of you please clarify my issue?
My question is regarding Schneier's write up of SKID3 on page 56. He
states that the protocol is not secure against man-in-the-middle
attacks because no secrets are involved. I'm finding this hard to
accept, because SKID3 uses a MAC, which requires a shared secret key
between the two parties. I played out the scenario, and cannot see
how a man in the middle could attack w/out knowing the secret key used
in the MAC.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list