hi, > The only thing that might, as far as I can see, > succeed (with a high > probability) would be for everyone to hash the > *next* half - meaning that, > together with half 2 of message N, there will be the > hash of half one of > message N + 1. However, I don't see how this would > be possible for an > interactive communication...
As far as i can extend the previous attack,i.e faking 1 packet for interlock protocol in the above 1 you propose,extending the same attack it only takes Mallory one and a half faked packets to launch a succefull attack on the above proposal. let A=Alice M=Mallory B=Bob let 1:1 indicate 1 st packet ,1st half 1:2 indicate 1 st packet , 2nd half 2:1 indicate 2 nd packet, 1st half 2:2 indicate 2nd packet , 2nd half and so on so we are now have 1:2 and 2:1 as one complete message and so on No: A M B 1 A->1:1 M->1:1 2 M->1:1 B->1:1 3 A->1:2 M->1:2 4 M->1:2 B->1:2 5 A->2:1 M->2:1 6 M->2:1 B->2:1 7 A->2:2 ****** The blank spaces corresponding to each row indicates that it is a sender and the other 2 are receivers. Once Mallory receives A->2:2 ,he has 2 full packets in hand and has faked 1 and a half packets(Step 7) **** indicates that it is now the earler packet Bob receives of Alice after Mallory's manupilation. I hope that table will give some clarity. now he can send Bob the original message of Alice. So I think the above suggested protocol will not work. Mallory can still get away with his scheme Regards Data. --- Marcel Popescu <[EMAIL PROTECTED]> wrote: > From: "gfgs pedo" <[EMAIL PROTECTED]> > > > One solution suggested against the man in the > middle > > attack is using the interlock protocol > > This is the one I vaguely recalled, thank you. > > > All mallory would have to do is send the half of > the > > (n th) packet when he receives the half of (n+1)th > > packet since the 1 st packet was faked by mallory. > > Interesting attack... assuming that a one-block > delay doesn't look > suspicious. > > What if every message except the very first one has > a hash of the previously > received message? > > A -> (M ->) B: half 1 of message A1 > B -> (M ->) A: half 1 of message B1 | hash (half 1 > of message A1) > A -> (M ->) B: half 2 of message A1 | hash (half 1 > of message B1) > B -> (M ->) A: half 2 of message B1 | hash (half 2 > of message A1) > A -> (M ->) B: half 1 of message A2 | hash (half 2 > of message B1) > ... and so on > > Nah... won't work; since M captures A1 and B1, he > can compute the hashes for > both the initial bogus message and the (delayed) > genuine ones. Same if they > try hasing all the previous messages. > > What if they send the hash of the *other* half? (The > program splitting the > messages already has the full ones.) > > A -> (M ->) B: half 1 of message A1 | hash (half 2 > of message A1) > B -> (M ->) A: half 1 of message B1 | hash (half 2 > of message B1) > A -> (M ->) B: half 2 of message A1 | hash (half 1 > of message A1) > B -> (M ->) A: half 2 of message B1 | hash (half 1 > of message B1) > ... and so on > > Nope, no good... M fakes the first message in both > direction, and then he > always has a good one, so he can compute the hashes. > > The only thing that might, as far as I can see, > succeed (with a high > probability) would be for everyone to hash the > *next* half - meaning that, > together with half 2 of message N, there will be the > hash of half one of > message N + 1. However, I don't see how this would > be possible for an > interactive communication... > > Thanks, > Mark > > __________________________________________________ Do You Yahoo!? Sign up for SBC Yahoo! Dial - First Month Free http://sbc.yahoo.com