how to defeat MITM using plain DH, Re: anonymous DH & MITM
Jerrold Leichter
jerrold.leichter at smarts.com
Sun Oct 5 06:25:39 EDT 2003
[Using multiple channels on the assumption that the MITM can't always get all
of them.]
This is starting to sound like some very old work - to which I don't have a
reference - on what was called the "wiretap channel". Basic idea: Alice and
Bob wish to talk; Carol can listen in to everything, but her tap isn't
perfect, so she gets a BER that's slightly higher. Alice and Bob can then
choose a code (in the information-theory sense, not the crypto sense) that is
fine-tuned to exactly match their BER - and also has the property that if you
have one more bit error than the code supports, you can't decode at all.
They get through, Carol gets nothing.
The same idea has been revived in creating CD's that work in audio players but
not PC's (which hvae CD drives that typically are not willing to tolerate as
high an error rate.)
-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list