Hacker News new | ask | show | jobs
by LPisGood 42 days ago
Diffe-Hellman-Merkel key exchange is vulnerable to attacker-in-the-middle attacks.

Eave could just do key negotiation with Alice and separately do key negotiation with Bob. You have to use a slightly more complicated cryptographic protocol to avoid this issue.
1 comments
traderj0e 42 days ago
The only way to avoid this issue is if Alice and Bob can talk out-of-band. There's no protocol that fixes this.
link
mrexcess 42 days ago
True but the out of band secure channel could just be something like DNS, automated and constantly subject to distributed monitoring for deltas.
link