[freenet-dev] Easier reference swapping
Martin Scheffler
the_bishop at web.de
Tue Mar 6 06:39:51 UTC 2007
On Tuesday, 6 March 2007 07:18, Volodya wrote:
> 'Authorised peer' will tell you that an was unable to connect, and then
> you know that somebody intercepted the password.
If the MITM has the ability not only to read the IP+OTP messages, but to
redirect the traffic from IP-A to IP-B through his fake node, then you
cannot distinguish MITM and peer.
Out of band by phone, PGP or handwritten paper mail would be the best proof
in that case.
> Like I said it is *still* a 1 time password, meaning that if real user
> typed it the intruder won't be able to use it, so intruder must do it
> before the real peer does, which will raise the alarm since that peer
> is your friend and you will be immediately informed that 'pass doesn't
> work, mate'.
Not really... the MITM could try to use both passwords immediately and
fake both other sides.
If you don't have out-of-band means to verify the information from the peer
node, you have a connection to the wrong node and only see the forged
verification.
good byte
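
The relay case argued in the message above, as an added toy model that is not part of the original post and is not Freenet code. The `Node` class, the random-byte "public keys", the OTP format and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Node:
    # Constructed stand-ins: random bytes play the role of a node public key,
    # and otp is the one-time password this node handed out in band.
    name: str
    pubkey: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    otp: str = field(default_factory=lambda: secrets.token_hex(8))

    def fingerprint(self) -> str:
        return hashlib.sha256(self.pubkey).hexdigest()[:16]


def accept(listener: Node, presented_otp: str, far_end: Node):
    """Listener admits whoever presents its OTP; returns the fingerprint it saw."""
    if not hmac.compare_digest(listener.otp, presented_otp):
        return None
    return far_end.fingerprint()


def simulate(relay_in_path: bool) -> dict:
    alice, bob, relay = Node("alice"), Node("bob"), Node("relay")
    # Both OTPs crossed the same in-band channel, so a relay on that path
    # knows them and terminates each connection with its own key.
    far_end_for_alice = relay if relay_in_path else bob
    far_end_for_bob = relay if relay_in_path else alice
    seen_by_alice = accept(alice, alice.otp, far_end_for_alice)
    seen_by_bob = accept(bob, bob.otp, far_end_for_bob)
    return {
        # What each node can check on its own: the OTP was valid.
        "otp_accepted": seen_by_alice is not None and seen_by_bob is not None,
        # What only an out-of-band comparison (phone, PGP, paper) reveals.
        "alice_sees_bob": seen_by_alice == bob.fingerprint(),
        "bob_sees_alice": seen_by_bob == alice.fingerprint(),
    }


if __name__ == "__main__":
    for in_path in (False, True):
        print("relay in path:", in_path, simulate(in_path))
```

In both runs `otp_accepted` is true, so the password check alone gives the two peers the same picture whether or not a relay sits between them; only the fingerprint comparison differs.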