[messaging] MITM-safe communication w/o authentication possible?

Jeff Burdges burdges at gnunet.org
Mon Nov 30 05:37:47 PST 2015

On Sun, 2015-11-29 at 21:32 +0100, U.Mutlu wrote:
> I wonder if it can be possible, at least theoretically, to have a
> MITM-secure internet channel without the use of PKI and/or
> persistent password (ie. w/o authentication, like in the telephone
> network)?
> Of course the communication must be encrypted against passive MITM,
> and must also detect active MITM.
> Does anybody know of such a protocol, info, papers etc.?

Also, are you willing to make the human participants do intellectual
work to secure their conversation?  

You know about ZRTP use of voice authentication, right?  We've
discussed previously the voice morphing attacks that make this scheme
insecure against very advanced adversaries : 

In that conversation, we discussed using complex human intellectual
games and conversational constructs.  Just an example :  Your session
secret is run through scrypt with a human perceptible delay.  The
results are used to locate a series of quotations from say the 12k on
wikiquote that are displayed to both users.  Users are instructed not
to communicate the quotations directly, but instead communicate them
indirectly using obscure jokes, linguistic tricks, etc.  In particular,
users are encouraged to obscurely "foreshadow" the quotes in their
conversation and then go back to explain how the foreshadowing connects
to the actual quotes.  

It'd take a serious AI investment to defeat this sort of authentication
when done correctly, but..  First, almost no one would do it correctly.
 Second, human agents could still do direct impersonation attacks quite
easily, provided they could know what the parties knew about one
another.  In other words, these schemes increase the risk of exposure
for the adversary, but defeating them will never be anything like as
hard as brute forcing 128 bits or whatever.
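
The derivation step described above, as an added example that is not code from the original post or from any project discussed on the list: each endpoint stretches its own session secret with scrypt and maps the result to quotation indices, so an active MITM who holds a different secret with each side makes the two users see different quotations. The scrypt parameters, salt label, three-quote count, SHAKE-256 expansion and rejection sampling are assumptions of this example.

```python
import hashlib

CORPUS_SIZE = 12_000  # "say the 12k on wikiquote"
NUM_QUOTES = 3        # assumption: quotations shown to each user per session


def quote_indices(session_secret: bytes, count: int = NUM_QUOTES,
                  corpus_size: int = CORPUS_SIZE, n: int = 2**14) -> list[int]:
    """Map a session secret to `count` distinct quotation indices."""
    if not (0 < count <= 16 and count <= corpus_size <= 2**16):
        raise ValueError("count or corpus_size out of range for this sketch")
    r = 8
    # Slow step: raise n until the delay is human perceptible on target
    # devices, which makes searching for a colliding secret expensive.
    key = hashlib.scrypt(session_secret, salt=b"quote-auth-example-v1",
                         n=n, r=r, p=1, maxmem=256 * n * r, dklen=32)
    # Expand the stretched key into a stream of 16-bit candidates.
    stream = hashlib.shake_256(key).digest(512)
    # Rejection sampling: drop candidates that would bias the modulo.
    limit = 2**16 - (2**16 % corpus_size)
    picked: list[int] = []
    for i in range(0, len(stream), 2):
        value = int.from_bytes(stream[i:i + 2], "big")
        if value >= limit:
            continue
        index = value % corpus_size
        if index not in picked:
            picked.append(index)
        if len(picked) == count:
            return picked
    raise RuntimeError("candidate stream exhausted")


if __name__ == "__main__":
    # Constructed sample secrets. With no MITM both ends hold the same
    # secret; with an active MITM each end shares a different one with
    # the attacker, so the displayed quotations diverge.
    shared = bytes.fromhex("11" * 32)
    mitm_side = bytes.fromhex("22" * 32)
    print("Alice:", quote_indices(shared))
    print("Bob:  ", quote_indices(shared))
    print("Bob under MITM:", quote_indices(mitm_side))
```

The indices only select what is displayed; the comparison itself is the indirect conversation between the two users.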

