[messaging] Can a pre-shared public key prevent MITM-attacks?
natanael.l at gmail.com
Fri Dec 4 15:50:30 PST 2015
Den 4 dec 2015 23:49 skrev "U.Mutlu" <for-gmane at mutluit.com>:
> Martin Dehnel-Wild wrote on 12/04/2015 09:58 PM:
>> Yes. Having a pre-shared public key definitely allows you to prevent MITM
>> attacks. (Where by 'attack' I assume you mean 'the adversary learns the
>> agreed key')
> Yes, indeed that's what I'm meaning by attacks.
> But I have a hard time to see how the use of a public key can help here,
> because the public key is by definition known to everybody, so also to
> the MITM, but then he can easily replace the encrypted message by his
> own message encrypted with the same public key --> bingo!
> Or, where is my lack of understanding here?
> Thanks for the info and links below, I'm going to study them.
This is where you tell them to reply encrypted to your public key, inside
the encrypted message, and sign it. So they got a message from somebody
else? If they know you already, they'll see the signature failed. If they
don't, you'll be the one who notices the total lack of response, and you'll
try again until you get one (which is signed).
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Messaging