I have a question on what seems to be a defect in the Applied Cryptography book, and I couldn't get an answer out of Schneier or the cypherpunks mailing list. Could any of you please clarify my issue?
My question is regarding Schneier's write up of SKID3 on page 56. He states that the protocol is not secure against man-in-the-middle attacks because no secrets are involved. I'm finding this hard to accept, because SKID3 uses a MAC, which requires a shared secret key between the two parties. I played out the scenario, and cannot see how a man in the middle could attack w/out knowing the secret key used in the MAC. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
