[88009] in Cypherpunks
Re: authentication suggestion for secure phone (Re: computationally infeasible jobs for MITMs)
daemon@ATHENA.MIT.EDU (The Spook)
Fri Oct 10 12:42:04 1997
Date: Fri, 10 Oct 1997 09:51:24 -0600
From: The Spook <ts@dev.null>
To: John Deters <jad@dsddhc.com>
CC: Adam Back <aba@dcs.ex.ac.uk>, stewarts@ix.netcom.com, eb@comsec.com,
jamesd@echeque.com, cypherpunks@Algebra.COM, kelsey@plnet.net
Reply-To: The Spook <ts@dev.null>
John Deters wrote:
>
> At 01:15 PM 10/10/97 +0100, Adam Back you wrote:
> >Persistence authentication suggestion:
> >A way to use the fact that you have had one or more non-MITM'd calls
> >is for the unit to remember the number and exchange a secret with the
> >called unit inside the encryption envelope.
> I agree with you that external authentication is the only way to fly. And
> if it is simply accepted, lets let Eric's unit survive unmolested and use
> PGP out-of-band (as per Monty's suggestion) or use PGP to exchange session
> keys (like in Speak Freely.)
>
> I also think the most likely avenue of attack will be a black bag job on
> the individual user's phone. MITM attacks seem too risky and expensive to
> pay off.
I'm not a subscriber to the CypherPunks list, but I have been monitoring
the emissions from John's computer screen, and I would just like to say
that I agree with him, wholeheartedly. I often tell my superiors that
there are much better ways to be spending taxpayer money.
I am not alone in my agreement with most of what is being said in this
thread.
The spook supplying heroin to Adam Back's lover agrees with most of this
thread, as does the spook peeking through Eric's window (although she
disagrees with the suggestion to "let Eric's unit survive unmolested").
The one exception is the grandson of Patton who is doing surveillance
on Monty. His method is quite simply to beat Monty to the phone.
Spooky
(isn't it?)