CryptKit 0.9: cryptsock
bryan at eevolved.com
Sat Dec 1 12:06:24 CET 2001
On Friday 30 November 2001 11:41 pm, Paul Rubin wrote:
> Bryan <bryan at eevolved.com> writes:
> > > Stupid newbie question: How does cryptsock guard against a
> > > man-in-the-middle attack?
> > Good question. This version doesn't. The next version will implement
> > ECPAK. I am trying to stay away from CA's for now. Any suggestions?
> CA's are for when you're trying to talk to complete strangers. If
> you're trying to talk to someone you already "know", the obvious
> non-CA authentication strategy is use a shared secret key. You still
> want to want DH-like key agreement for the channel encryption, because
> of the forward secrecy.
When you say "shared secret key" do you mean that the remote and local hosts
both have apriori knowledge of the symmetric key? Or are you referring to
some other mutually shared token, like a password? If you meant the latter,
then I agree with you completely and you should see that feature appear in
the next release :)
Lead Developer, Director
eEvolved Real-Time Technologies Inc.
Public key: http://eevolved.com/bcm.pk
"Imagination is more important than knowledge."-- Einstein
More information about the Python-list