[messaging] Can a pre-shared public key prevent MITM-attacks?

U.Mutlu for-gmane at mutluit.com
Fri Dec 4 16:31:08 PST 2015


Natanael wrote on 12/05/2015 12:50 AM:
> Den 4 dec 2015 23:49 skrev "U.Mutlu" <for-gmane at mutluit.com>:
>>
>> Martin Dehnel-Wild wrote on 12/04/2015 09:58 PM:
>>>
>>> Yes. Having a pre-shared public key definitely allows you to prevent MITM
>>> attacks. (Where by 'attack' I assume  you mean 'the adversary learns the
>>> agreed key')
>>
>>
>> Yes, indeed that's what I'm meaning by attacks.
>> But I have a hard time to see how the use of a public key can help here,
>> because the public key is by definition known to everybody, so also to
>> the MITM, but then he can easily replace the encrypted message by his
>> own message encrypted with the same public key --> bingo!
>>
>> Or, where is my lack of understanding here?
>>
>> Thanks for the info and links below, I'm going to study them.
>
> This is where you tell them to reply encrypted to your public key, inside
> the encrypted message, and sign it. So they got a message from somebody
> else? If they know you already, they'll see the signature failed. If they
> don't, you'll be the one who notices the total lack of response, and you'll
> try again until you get one (which is signed).

This introduces signing, but in the wikipedia article I had quoted
in the OP signing is not mentioned:
https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange#Public_key

If I might summarize:
  Using DH protocol and adding to it the use of say RSA certificates
  (for signing, enc, dec) will make the DH session MITM-secure,
  for example for subsequently sending a new password (for something else)
  over to the other side.

Is that conclusion right?

That would be what I need, ie. a safe way to send the other side a
new/initial password (for a different purpose), but without any human
interaction as the participants are devices or apps but which already
have their own certificates.






More information about the Messaging mailing list