[cryptography] binding to channel params to prevent MITM

James A. Donald jamesd at echeque.com
Sat Dec 4 18:16:11 EST 2010


On 2010-12-05 6:50 AM, travis+ml-rbcryptography at subspacefield.org wrote:
> Hey I don't know what it's called, but I'm wondering how one binds a
> challenge/response (or whatever you authenticate with) inside a secure
> tunnel to prevent the peer from relaying it on to another party to
> answer.
 >
>
> I assume it could be as simple as signing a nonce and some parameter
> of the channel (such as an ephemeral key) and sending that (or something
> derived from it) as the challenge, but curious what the options and
> tradeoffs are.

Assume we have a username and password, or equivalently, a question and 
a secret answer.  Perhaps members of the in group use words in a certain 
way that an outsider would not, a shibboleth.

We don't want the attacker to be able to be able to do man in the middle 
*AND* we don't want the attacker to mount an offline dictionary attack.

Dictionary attack is not a problem if we have a long obscure 
authentication such as
	Auth code?
	V+C6jtCt7aHf2zi1T3RLpC1ScniWAmxlnci4lrGM

But it is a problem if our authentication is
	Who sent you?
	Fred

SRP (Secure Remote Password protocol) solves the problem
http://srp.stanford.edu/

copy their source code:  You are less likely to screw up.




More information about the cryptography mailing list