CryptKit 0.9: cryptsock

Bryan bryan at
Sat Dec 1 12:06:24 CET 2001

On Friday 30 November 2001 11:41 pm, Paul Rubin wrote:

> Bryan <bryan at> writes:
> > > Stupid newbie question: How does cryptsock guard against a
> > > man-in-the-middle attack?
> >
> > Good question. This version doesn't. The next version will implement
> > ECPAK. I am trying to stay away from CA's for now. Any suggestions?
> CA's are for when you're trying to talk to complete strangers.  If
> you're trying to talk to someone you already "know", the obvious
> non-CA authentication strategy is use a shared secret key.  You still
> want to want DH-like key agreement for the channel encryption, because
> of the forward secrecy.

When you say "shared secret key" do you mean that the remote and local hosts 
both have apriori knowledge of the symmetric key? Or are you referring to  
some other mutually shared token, like a password?  If you meant the latter, 
then I agree with you completely and you should see that feature appear in 
the next release :)

Take care,
Bryan Mongeau
Lead Developer, Director
eEvolved Real-Time Technologies Inc.
Public key:

"Imagination is more important than knowledge."-- Einstein

More information about the Python-list mailing list