how to defeat MITM using plain DH, Re: anonymous DH & MITM

Ed Gerck egerck at nma.com
Mon Oct 6 14:12:54 EDT 2003


Jerrold Leichter wrote:

> [Using multiple channels on the assumption that the MITM can't always get all
> of them.]
>
> This is starting to sound like some very old work
> ...[example deleted]

1948 sounds right? The mathematical basis for this approach is Shannon's
Tenth Theorem of 1948. We are creating a correction channel. BTW, the
main reason why I decided to point this out is because, even though this
thread has been going on for a long time, the possibility of defeating MITM
with plain DH was not being recognized. Perhaps we need more examples
like yours and Zooko's. Who else has more examples?

The question of anonimity seems to be still pending, as raised by Anton
and bear.  The problem here seems to be the definition of anonymity.
Are we willing to accept that anonymity must decrease over time as
a result of the very communication based on that anonymity? In other
words, anonymity is not a static property of a communicaiton channel.

I note also that in multi-channel DH the interest is in creating many session
keys with very small delay. Thus, using newspaper, commercial
radio, television, etc. is not so feasible. The keys are also ephemeral and
cost is an issue. The DH multi-channels need to be created in real-time and
at low cost for this approach to be practical.

Ed Gerck

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list