Applied Cryptography: question on skid3
David Hopwood
david.hopwood at zetnet.co.uk
Mon Mar 3 16:42:38 EST 2003
MindFuq wrote:
> I have a question on what seems to be a defect in the Applied
> Cryptography book, and I couldn't get an answer out of Schneier or the
> cypherpunks mailing list. Could any of you please clarify my issue?
>
> My question is regarding Schneier's write up of SKID3 on page 56. He
> states that the protocol is not secure against man-in-the-middle
> attacks because no secrets are involved. I'm finding this hard to
> accept, because SKID3 uses a MAC, which requires a shared secret key
> between the two parties. I played out the scenario, and cannot see
> how a man in the middle could attack w/out knowing the secret key used
> in the MAC.
You're correct, AFAICS.
--
David Hopwood <david.hopwood at zetnet.co.uk>
Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list