
ManInTheMiddle is a classic cryptographic attack.

If Alice and Bob want to communicate securely via email (or phone or whatever) then, unless they have some means to authenticate themselves and each other, Cain could pretend to Alice that he's Bob and pretend to Bob that he's Alice. When Alice sends a message to Cain (who she thinks is Bob), she encrypts it with Cain's key and sends it to him. He receives it, decrypts it, reads the message, then encrypts it with Bob's key and sends it on to Bob. Unless they have some way of communicating outside of the secure channel, Alice and Bob may never know that their email is being read.

The combination of authentication, DiffieHellmanKeyExchange and Signatures or the WebOfTrust are thought to be effective countermeasures to ManInTheMiddle attacks.
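The following added example (not part of the original page) runs an unauthenticated DiffieHellmanKeyExchange with and without Cain in the middle, then shows how comparing a fingerprint of the exchanged public values outside the channel exposes the substitution. The group parameters are toy values, and the names `Party`, `exchange` and `channel_verified` are hypothetical.

```python
import hashlib
import secrets

# Toy group for illustration only (constructed; far too small for real use).
P = 2**127 - 1  # a Mersenne prime
G = 3


class Party:
    """One endpoint of an unauthenticated Diffie-Hellman exchange."""

    def __init__(self):
        self._secret = secrets.randbelow(P - 3) + 2
        self.public = pow(G, self._secret, P)
        self.peer_public = None  # whatever arrived over the wire

    def session_key(self):
        shared = pow(self.peer_public, self._secret, P)
        return hashlib.sha256(shared.to_bytes(16, "big")).digest()

    def fingerprint(self):
        """Short digest of both public values, to be compared out of band."""
        lo, hi = sorted((self.public, self.peer_public))
        data = lo.to_bytes(16, "big") + hi.to_bytes(16, "big")
        return hashlib.sha256(data).hexdigest()[:16]


def exchange(intercepted):
    """Run one key exchange; return (alice, bob, cain_reads_traffic)."""
    alice, bob = Party(), Party()
    if intercepted:
        # Cain swaps each public value in transit for one of his own,
        # so he ends up sharing one key with Alice and another with Bob.
        cain_a, cain_b = Party(), Party()
        alice.peer_public, cain_a.peer_public = cain_a.public, alice.public
        bob.peer_public, cain_b.peer_public = cain_b.public, bob.public
        cain_reads = (cain_a.session_key() == alice.session_key()
                      and cain_b.session_key() == bob.session_key())
    else:
        alice.peer_public, bob.peer_public = bob.public, alice.public
        cain_reads = False
    return alice, bob, cain_reads


def channel_verified(alice, bob):
    """Out-of-band check: both ends must have seen the same public values."""
    return alice.fingerprint() == bob.fingerprint()
```

Signing the public values with long-term keys that Alice and Bob already trust achieves the same binding without a manual comparison.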


CategoryCryptography