Re: DH-CHAP

On Fri, 12 Apr 2002, David Jablon wrote:

> Whether or not one likes SRP, I don't see the compelling
> argument for DH-CHAP. Here's why.
>
> Regarding Yongge Wang's active attack on DH-CHAP ...
>
> At 10:47 AM 4/12/02 -0400, Theodore Tso wrote:
> >Um, how is this not a man-in-the-middle attack? Intercepting a D-H
> >exchange (which is what you have to do in order to gain access to the
> >CHAP exchange) is pretty much the classic example of a MITM attack.
>
> Here's a difference:
>
> In Yongge's attack, the enemy listens and sends a packet,
> but doesn't really need to block other traffic.
>
> In an eavesdropper attack (e.g. on CHAP) the enemy only listens.
> In the classic DH MITM attack, the enemy completely controls
> the communication channel and intercepts, modifies, and forwards
> modified packets. Yongge's attack falls between these extremes.
> For many scenarios, I'll argue that there's no big extra barrier
> for an eavesdropper to also be able to send.

There is one difference. The attack will get noticed.

Yongge's attack (as I understand it) is essentially a MITM attack, except that MITM usually tries to continue the conversation while in this case the rogue just leaves after it gets the response it needs.

This attack involves the rogue agent sending a response to the initiator giving it a g^x mod n to use. That g^x mod n will not be the one the target chose, so this attack will result in a login failure; a failure with the same signature as a MitM attack.

So that is one difference between DH-CHAP and CHAP - you have to go to an active attack to get at the password.

Take care,

Bill
Last updated: Sun Apr 14 15:18:28 2002