In message <[EMAIL PROTECTED]>, Benja Fallenstein writes:
>
>Hi,
>
>bear wrote:
>>>>>starting with Rivest & Shamir's Interlock Protocol from 1984.
>>>>
>>>>Hmmm. I'll go read, and thanks for the pointer.
>>
>> Perhaps I spoke too soon? It's not in Eurocrypt or Crypto 84 or 85,
>> which are on my shelf. Where was it published?
>
>Communications of the ACM: Rivest and
>Shamir, "How to expose an eavesdropper", CACM vol 24 issue 4, 1984. If
>you have an ACM Digital Library account, it's at
>
>http://portal.acm.org/ft_gateway.cfm?id=358053&type=pdf&coll=ACM&dl=ACM&CFID=12683735&CFTOKEN=40809148
>
>I've started writing a short summary earlier today, after reading, but
>then I got distracted and didn't have time... sorry :) Hope this helps
>anyway.
>
>The basic idea is that Alice sends *half* of her ciphertext, then Bob
>*half* of his, then Alice sends the other half and Bob sends the other
>half (each step is started only after the previous one was completed).
>The point is that having only half of the first ciphertext, Mitch can't
>decrypt it, and thus not pass on the correct thing to Bob in the first
>step and to Alice in the second, so both can actually be sure to have
>the public key of the person that made the other move.
>
You have to be careful how you apply it; sometimes, there are attacks.
See Steven M. Bellovin and Michael Merritt, "An Attack on the Interlock
Protocol When Used for Authentication," in IEEE Transactions on
Information Theory 40:1, pp. 273-275, January 1994,
http://www.research.att.com/~smb/papers/interlock.ps for an example of
how it's a bad protocol to use to send passwords.

		--Steve Bellovin, http://www.research.att.com/~smb
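
The half-then-half exchange summarized in the quoted message, as an added example that is not part of either message or of the cited papers. It assumes one way of forming a "half" that cannot be decrypted alone (a hash of the ciphertext first, the ciphertext second), a toy Diffie-Hellman group and a toy stream cipher; all function names are hypothetical.

```python
import hashlib, secrets

P, G = 2**127 - 1, 3  # toy Diffie-Hellman group (assumption), far too small for real use

def keypair():
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def shared_key(priv, peer_pub):
    return hashlib.sha256(str(pow(peer_pub, priv, P)).encode()).digest()

def xor_cipher(key, data):
    # Toy stream cipher (SHA-256 in counter mode); the same call encrypts and decrypts.
    ks = b"".join(hashlib.sha256(key + bytes([i])).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def halves(key, msg):
    """First half: hash of the ciphertext. Second half: the ciphertext itself."""
    ct = xor_cipher(key, msg)
    return hashlib.sha256(ct).digest(), ct

def open_halves(key, first, second):
    """Return the plaintext, or None if the two halves do not belong together."""
    if hashlib.sha256(second).digest() != first:
        return None
    return xor_cipher(key, second)

def honest_run(msg):
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    first, second = halves(shared_key(a_priv, b_pub), msg)
    return open_halves(shared_key(b_priv, a_pub), first, second)

def intercepted_run(msg, relay_unchanged):
    """What Bob ends up reading when Mitch has given both sides his own public key."""
    a_priv, _ = keypair()
    b_priv, _ = keypair()
    _, m_pub = keypair()
    k_am = shared_key(a_priv, m_pub)   # Alice believes she shares this with Bob
    k_mb = shared_key(b_priv, m_pub)   # Bob believes he shares this with Alice
    first, second = halves(k_am, msg)
    if relay_unchanged:                # Mitch forwards both halves untouched
        return open_halves(k_mb, first, second)
    # Otherwise Mitch must send Bob a first half while holding only `first`,
    # which reveals nothing about msg, so he commits to made-up content.
    made_up = b"?" * len(msg)
    first_m, second_m = halves(k_mb, made_up)
    return open_halves(k_mb, first_m, second_m)

if __name__ == "__main__":
    print(honest_run(b"meet at noon"), intercepted_run(b"meet at noon", True))
```

In both intercepted cases Bob reads something other than what Alice wrote, which is the mismatch the two parties rely on noticing.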