-
Notifications
You must be signed in to change notification settings - Fork 284
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
A basic question: How do you prevent man in the middle? #2359
Comments
In Tox users are identified by their Tox Id, which contains the public key. It's assumed that two users wanting to communicate via Tox have already exchanged their Tox Ids via a secure channel. With both users knowing each other's Tox Id, they can verify each other's identity, making MitM not possible. Also note:
|
So you mean that the key exchange is not a part of the protocol? So how are you doing that in this software? In clear text? |
The problem is that in MITM attack the user will never know he is being impersonated! |
what @nurupo wrote:
|
It is a part of the protocol. See the handshake in https://toktok.ltd/spec.html#net-crypto What I mean is that there is no need for a CA. Since Alice knows Bob's public key and Bob knows Alice's public key before the key exchange happens, they can use ECDH to generate a shared key that only Alice and Bob would know, preventing the MITM attack. For the MITM attack to be successful, the MITM attacker would need to know Alice's or Bob's secret key.
https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman Btw, if you are looking to learn about AKEs, I suggest to look into Noise protocol. Even Tox is planning on integrating a Noise-based key exchange, as it would provide some additional security properties, e.g. the aforementioned user impersonation due to the secret key compromise wouldn't be an issue. |
I'm aware of diffie-helman and public key encryption; MITM attack happens when parties do not know each other's public keys. You say exchanging public keys is not a part of this protocol and it is assumed to be done somehow else, via a secure channel (that is probably a centralized CA). |
@badihi |
Hello guys, and nice job with the messenger!
I reached your homepage this morning and I became so interested in your project. But there is something I cannot understand.
You claim that the protocol is completely peer to peer and end-to-end encrypted. The question is, how is it even possible? Due to my knowledge of cryptography, there is no (regular) way to prevent man in the middle in absence of a CA in peer to peer encrypted communications. So it would be appreciated if you could enlighten me about this matter.
Isn't it possible for an adversary (maybe an evil ISP, for example) to sit between users and play the role of man in the middle in this protocol?
The text was updated successfully, but these errors were encountered: