by just-ok 2194 days ago
> The Diffie–Hellman exchange by itself does not provide authentication of the communicating parties and is thus vulnerable to a man-in-the-middle attack.[1]

Whoever controls key distribution can control the encryption channel; without a way to verify public keys, all bets are always off. You're right that auditing the client is one (if not the only?) way to do this.

[1]: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exc...
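The comment's point, that Diffie-Hellman only becomes safe once each side can verify the other's public value, is easiest to see in code. The following is an added example, not part of the comment or of any library: each party signs its ephemeral DH share with a long-term key that the peer already trusts (pinned out of band, which is the "auditing the client" step in practice), and the receiver refuses to derive a session key from a share whose signature does not check out. The group parameters are a toy 64-bit safe prime generated at import time, the signature is a Schnorr-style scheme written inline over the same group, and all function names (`keygen`, `sign`, `verify`, `make_offer`, `derive`, `run_handshake`) are hypothetical; real deployments use standardised groups or X25519 plus a real signature library.

```python
import hashlib
import random
import secrets


def _is_probable_prime(n):
    """Deterministic Miller-Rabin for n < 3.3e24 (covers our 64-bit toy group)."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for p in bases:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _find_safe_prime(bits, rng):
    """Return (p, q) with p = 2q + 1 both prime. Toy size; seeded for reproducibility."""
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if _is_probable_prime(q) and _is_probable_prime(2 * q + 1):
            return 2 * q + 1, q


P, Q = _find_safe_prime(64, random.Random(2024))  # constructed toy parameters
G = 4  # a square mod p, so it generates the prime-order-q subgroup
P_BYTES = (P.bit_length() + 7) // 8


def _hash_to_int(*parts):
    """Length-prefixed SHA-256 over ints/bytes, reduced into the exponent group."""
    h = hashlib.sha256()
    for part in parts:
        b = part if isinstance(part, bytes) else part.to_bytes((part.bit_length() + 7) // 8 or 1, "big")
        h.update(len(b).to_bytes(2, "big") + b)
    return int.from_bytes(h.digest(), "big") % Q


def keygen():
    """Long-term signing key pair (x, y = g^x)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def sign(x, msg):
    """Schnorr-style signature (e, s) over msg."""
    k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)
    e = _hash_to_int(r, msg)
    return e, (k + x * e) % Q


def verify(y, msg, sig):
    """Recompute r = g^s * y^-e and check it hashes back to e."""
    e, s = sig
    if not (0 <= e < Q and 0 <= s < Q):
        return False
    r = pow(G, s, P) * pow(y, Q - e, P) % P
    return _hash_to_int(r, msg) == e


def _transcript(name, share):
    # What gets signed: who is speaking and which ephemeral value they sent.
    return name.encode() + b"|" + share.to_bytes(P_BYTES, "big")


def make_offer(sign_key, name):
    """Fresh ephemeral DH share, signed with the sender's long-term key."""
    a = secrets.randbelow(Q - 1) + 1
    share = pow(G, a, P)
    return a, {"from": name, "share": share, "sig": sign(sign_key, _transcript(name, share))}


def derive(a, offer, pinned):
    """Check the peer's signature against the pinned key, then derive a session key."""
    key = pinned.get(offer["from"])
    if key is None or not verify(key, _transcript(offer["from"], offer["share"]), offer["sig"]):
        raise ValueError("unauthenticated DH share rejected")
    share = offer["share"]
    if not 1 < share < P - 1 or pow(share, Q, P) != 1:
        raise ValueError("share outside the prime-order subgroup")
    secret = pow(share, a, P)
    return hashlib.sha256(b"toy-dh|" + secret.to_bytes(P_BYTES, "big")).digest()


def run_handshake(tamper=False):
    """Return (alice_key, bob_key); raises if a substituted share is detected."""
    a_sk, a_vk = keygen()
    b_sk, b_vk = keygen()
    pinned = {"alice": a_vk, "bob": b_vk}  # distributed out of band, the trust anchor
    a, offer_a = make_offer(a_sk, "alice")
    b, offer_b = make_offer(b_sk, "bob")
    if tamper:
        # constructed: the share in transit is replaced by one the sender never signed
        offer_a = dict(offer_a, share=pow(G, keygen()[0], P))
    return derive(a, offer_b, pinned), derive(b, offer_a, pinned)


def substituted_share_is_rejected():
    """True when the signature check stops the handshake on a swapped share."""
    try:
        run_handshake(tamper=True)
    except ValueError:
        return True
    return False
```

Without the `verify` step in `derive`, both `run_handshake()` variants would succeed and the party holding the substituted share would end up with a key it shares with Alice and Bob; the pinned `verify_key` is what turns "whoever controls key distribution controls the channel" into a detectable failure.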