Differences between current version and revision by previous author of ManInTheMiddle.
Other diffs: Previous Major Revision, Previous Revision, or view the Annotated Edit History
Newer page: | version 4 | Last edited on Wednesday, November 14, 2007 7:37:15 am | by ShaneHowearth | |
Older page: | version 3 | Last edited on Thursday, April 1, 2004 4:00:43 am | by StuartYeates | Revert |
@@ -1,8 +1,8 @@
[ManInTheMiddle] is a classic cryptographic attack.
-If Alice and Bob want to communicate securely via email (or phone or whatever) then unless they have some means to authenticate themselves and each other, Cain could pretend to Alice that he's Bob and pretend to Bob that he's Alice. When Alice sends a message to Cain (whom she thinks is Bob), she encrypts it with Cains key and sends it to him, he receives it, decrypts it, reads the message, and encrypts it with Bob's key and sends it to him. Unless they have some way of communicating outside of the secure channel, Alice and Bob may nevre
know that their email is being read.
+If Alice and Bob want to communicate securely via email (or phone or whatever) then unless they have some means to authenticate themselves and each other, Cain could pretend to Alice that he's Bob and pretend to Bob that he's Alice. When Alice sends a message to Cain (whom she thinks is Bob), she encrypts it with Cains key and sends it to him, he receives it, decrypts it, reads the message, and encrypts it with Bob's key and sends it to him. Unless they have some way of communicating outside of the secure channel, Alice and Bob may never
know that their email is being read.
The combination of authentication, DiffieHellmanKeyExchange and [Signature]s or the WebOfTrust are thought to be effective countermeasures to ManInTheMiddle attacks.
----
CategoryCryptography