
EDIT: Ignore me, I've confused terminology.

> Doubt it. DHE does not offer protection against MITM attacks, which an active attacker can certainly do with a powerful enough antenna.

Huh? That's precisely what Diffie-Hellman is for. It's a protocol for establishing a shared secret over an insecure channel. Have you got an antenna big enough to read the private key? Sure, you can argue that pure DH is weak compared to ECDH or PKCS, but this is exactly what the system does.

No, DH doesn't stop impersonation or spoofing attacks. It doesn't do authentication. That much I agree with you on. You need something like ECDSA for that. But those types of attacks aren't MITM.



DHE protects against eavesdroppers, not middlemen.


Oh, fair enough. Dang, I get those confused far too often for my own good.


You don't think that MITM is a kind of impersonation attack? DHE is a mechanism for agreeing on a secret; it does nothing to authenticate the station you're agreeing on that secret with.

Think of what happens in TLS interception; DHE still takes place with the intercepting device, it's PKI which tells you who you're agreeing with.


Yeah, I had my terminology confused. I was mistaken.


In fact, you were closer to the truth than the person you replied to.

The new standard uses a PAKE (password-authenticated key exchange) protocol. This type of cryptographic construct is similar to an unauthenticated key exchange protocol (such as Diffie-Hellman), but in addition succeeds only if both parties know the same password, without leaking any information about the password to a party if they don’t know it. At least one of the best-known PAKE algorithms, namely SRP, is quite similar to Diffie-Hellman in structure, although it’s not the one being used here (which I don’t know anything about).
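The point made in the thread, that a Diffie-Hellman exchange agrees on a secret without authenticating the peer, shown as an added example (not code from any commenter or from the standard under discussion). The toy prime, the generator and all function names are assumptions for illustration. Each side hashes the public values it saw; an authentication layer such as a PKI signature over that transcript is what exposes a substituted value.

```python
import hashlib
import secrets

# Toy group (assumption, illustration only): 2**127 - 1 is prime but far too
# small for real use; deployments use standardized groups or curves.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent, public value G^priv mod P)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    """Derive a session key from the raw DH shared secret."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).hexdigest()

def transcript_hash(initiator_pub, responder_pub):
    """Fingerprint of the exchange as one endpoint observed it."""
    data = initiator_pub.to_bytes(16, "big") + responder_pub.to_bytes(16, "big")
    return hashlib.sha256(data).hexdigest()

def run_exchange(intercepted):
    """Run one exchange; 'intercepted' swaps both public values in transit."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if intercepted:
        # A party in the path answers each side with its own public value.
        _, m_pub = keypair()
        seen_by_alice, seen_by_bob = m_pub, m_pub
    else:
        seen_by_alice, seen_by_bob = b_pub, a_pub
    alice_key = session_key(a_priv, seen_by_alice)
    bob_key = session_key(b_priv, seen_by_bob)
    # DH itself completes without error in both cases. Only a comparison of
    # what each side saw (signed, or checked out of band) shows a difference.
    alice_view = transcript_hash(a_pub, seen_by_alice)
    bob_view = transcript_hash(seen_by_bob, b_pub)
    return {
        "keys_match": alice_key == bob_key,
        "transcripts_match": alice_view == bob_view,
    }

if __name__ == "__main__":
    print("direct:     ", run_exchange(intercepted=False))
    print("intercepted:", run_exchange(intercepted=True))
```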



