Hacker News new | ask | show | jobs
by theboss 4715 days ago
Kind of interesting scheme that doesn't really work in 2013.

Wouldn't this be vulnerable to replay attacks, or am I missing something?
2 comments
hellcow 4715 days ago
If Alice's messages could all be intercepted and manipulated prior to Bob's receiving them, then yes, they could be changed without either party knowing.

Combined with asymmetric encryption of the messages, you should be able to prevent that from happening.

link
theboss 4715 days ago
Without any manipulation why wouldn't this be vulnerable to a replay attack?
link
jamesrom 4715 days ago
No. This is just a method of "securing" messages without encryption. It still requires a shared key. Replaying messages sent this way would be no different to replaying an encrypted message.

This is not an authentication scheme.

link