[14240] in cryptography@c2.net mail archive
Re: Who is this Mallory guy anyway?
daemon@ATHENA.MIT.EDU (Ian Grigg)
Mon Sep 22 17:03:11 2003
X-Original-To: cryptography@metzdowd.com
Date: Mon, 22 Sep 2003 16:53:46 -0400
From: Ian Grigg <iang@systemics.com>
Reply-To: iang@systemics.com
To: crypto <cryptography@metzdowd.com>

> someone wrote:
>
> Hiya.
>
> Dumb question. Why is the bad guy called Mallory in
> this thread? I always thought that traditionally the
> two correspondents were called Alice and Bob and that
> the bad guy was called Eve. (As in, short for eavesdropper?).
> Intercepting the bits and sending them is precisely
> the sort of thing that Eve does all the time.

Mallory is the Man-in-the-Middle. He is the one
that inserts himself into a connection, in an
active attack, and sends packets to both Alice
and Bob. He can send one thing to Bob, and
send another thing to Bob. In this way, he
can insert himself into a Diffie-Hellman key
exchange, and send completely separate numbers
to both parties.

Eve is indeed the eavesdropper. She can only
listen.

(As a further point, there are other personas,
being Trent, the trusted third party. Also,
Victor, a verifier. In financial cryptography
we use Ivan as an Issuer and sometimes Matilda
as a merchant. Carol and Dave can assist
Alice and Bob in more complex protocols.)

> I would have said "Mallory is acting as Eve", not
> "Eve is acting as Mallory". But then, I'm surprisingly
> ignorant about all sorts of "obvious" things. Maybe
> you could clear this up for me?

Well, that's the question - is Eve allowed to
forward packets, in the act of listening, or
is that Mallory's job? I don't know.
Given the silence on the issue, and the differing
usages, I'd say we've reached an uncertainty in
the definition.

The question revolves around whether Eve's name
derives from her eavesdropping, or whether she
is passive, and can only do stuff that can be
done by observation. If she is allowed to resend
because she is eavesdropping then that's ok. But,
if she must only passively listen - measure - and
cannot resend, then what this Quantum stuff does
is eliminate her from consideration because she
will always give herself away. Hence, only
Mallory, the MITM, can do the job. In effect,
it is very close to Anon-DH - in that Eve cannot
crack the crypto, but Mallory can.

It's a minor point, it doesn't really change the
crypto at all, but it can evoke different images
in different people if they don't agree on which
it is. So one has to be careful, as the essence
of naming is, after all, efficient communication.

iang
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
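
The Eve/Mallory distinction for anonymous Diffie-Hellman discussed in the message above, as an added example that is not part of the original post: a passive listener ends up with no key, an active party who substitutes the exchanged numbers ends up sharing one key with each end, and comparing key fingerprints over an authenticated channel exposes the substitution. The toy group parameters and all function names are assumptions made for this illustration.

```python
import hashlib
import secrets

# Toy group, assumed for this example: 2**127 - 1 is prime but far too small
# for real use.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent, public value G^priv mod P)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared(priv, peer_pub):
    """Shared secret computed from our private exponent and the value received."""
    return pow(peer_pub, priv, P)

def fingerprint(secret):
    """Short digest both ends can compare over an authenticated channel."""
    return hashlib.sha256(secret.to_bytes(16, "big")).hexdigest()[:16]

def run_exchange(active):
    """Run one anonymous DH exchange; return (alice_key, bob_key, attacker_keys)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if active:
        # Mallory substitutes a separate value of his own in each direction.
        m1_priv, m1_pub = keypair()   # shown to Alice in place of Bob's value
        m2_priv, m2_pub = keypair()   # shown to Bob in place of Alice's value
        seen_by_alice, seen_by_bob = m1_pub, m2_pub
        attacker_keys = {shared(m1_priv, a_pub), shared(m2_priv, b_pub)}
    else:
        # Eve only records a_pub and b_pub; without a private exponent she
        # derives no key.
        seen_by_alice, seen_by_bob = b_pub, a_pub
        attacker_keys = set()
    return shared(a_priv, seen_by_alice), shared(b_priv, seen_by_bob), attacker_keys

def tampering_detected(alice_key, bob_key):
    """True when the two ends' key fingerprints disagree."""
    return fingerprint(alice_key) != fingerprint(bob_key)

if __name__ == "__main__":
    for active in (False, True):
        a, b, keys = run_exchange(active)
        print("active" if active else "passive", tampering_detected(a, b), len(keys))
```
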