[cryptography] binding to channel params to prevent MITM
James A. Donald
jamesd at echeque.com
Sat Dec 4 18:16:11 EST 2010
On 2010-12-05 6:50 AM, travis+ml-rbcryptography at subspacefield.org wrote:
> Hey I don't know what it's called, but I'm wondering how one binds a
> challenge/response (or whatever you authenticate with) inside a secure
> tunnel to prevent the peer from relaying it on to another party to
> I assume it could be as simple as signing a nonce and some parameter
> of the channel (such as an ephemeral key) and sending that (or something
> derived from it) as the challenge, but curious what the options and
> tradeoffs are.
Assume we have a username and password, or equivalently, a question and
a secret answer. Perhaps members of the in group use words in a certain
way that an outsider would not, a shibboleth.
We don't want the attacker to be able to do man in the middle
*AND* we don't want the attacker to mount an offline dictionary attack.
Dictionary attack is not a problem if we have a long obscure
authentication such as
But it is a problem if our authentication is
Who sent you?
SRP (Secure Remote Password protocol) solves the problem
copy their source code: You are less likely to screw up.
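The channel-binding idea from the quoted question, as an added example that is not code from either poster: the client's answer is a MAC over the server's nonce and a hash of the ephemeral key of the channel the client actually established, so a peer that relays the challenge onto a second channel gets an answer bound to the wrong channel. The password, salt and PBKDF2 parameters are constructed for the demonstration; note that this binding stops the relay but, unlike SRP, still leaves a passive observer able to try passwords offline against the MAC.

```python
import hashlib
import hmac
import secrets

# Constructed sample values for the demonstration (not from the thread).
PASSWORD = b"correct horse battery staple"
SALT = b"example-salt-16b"


def derive_key(password: bytes, salt: bytes) -> bytes:
    """Shared key derived from the password (PBKDF2 parameters are illustrative)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)


def channel_binding(ephemeral_pubkey: bytes) -> bytes:
    """Binding value: hash of the channel's ephemeral key as seen by this endpoint."""
    return hashlib.sha256(b"ephemeral-key|" + ephemeral_pubkey).digest()


def respond(key: bytes, nonce: bytes, binding: bytes) -> bytes:
    """Client's answer: MAC over the nonce and the binding of its own channel."""
    return hmac.new(key, b"cb-v1|" + nonce + b"|" + binding, hashlib.sha256).digest()


def verify(key: bytes, nonce: bytes, binding: bytes, response: bytes) -> bool:
    """Server recomputes with the binding of *its* channel; constant-time compare."""
    return hmac.compare_digest(respond(key, nonce, binding), response)


def run_auth(client_channel_key: bytes, server_channel_key: bytes) -> bool:
    """One challenge/response; the two keys are each side's view of the channel."""
    key = derive_key(PASSWORD, SALT)
    nonce = secrets.token_bytes(16)  # server's challenge
    response = respond(key, nonce, channel_binding(client_channel_key))
    return verify(key, nonce, channel_binding(server_channel_key), response)


def direct_session() -> bool:
    """Client and server share one channel: bindings agree, auth succeeds."""
    eph = secrets.token_bytes(32)
    return run_auth(eph, eph)


def relayed_session() -> bool:
    """A middle party holds two channels (one to each side) and forwards the
    challenge; the client binds to the channel it sees, the server checks the
    binding of the other one, so the relayed answer is rejected."""
    client_side = secrets.token_bytes(32)
    server_side = secrets.token_bytes(32)
    return run_auth(client_side, server_side)
```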