- #1
mtanti
Contradict me if I'm wrong...
If Black Hat blocks and controls Alice’s internet activities (a man in the middle attack) then these 2 situations can arise:
1. ALICE DOES NOT HAVE BOB'S PUBLIC KEY
Alice sends Bob her public key but it is blocked by Black Hat and instead he sends his public key ‘A’ to Bob. When Bob sends Alice his public key Black Hat blocks it and gives Alice his second public key B. This will then result in Bob sending an encrypted file (using key A) to Alice, blocked by Black Hat, decrypted with his key A, encrypted with Alice’s public key and sent to Alice. The same when Alice sends to Bob but using key B. An effective man in the middle attack where no one can suspect anything.
2. ALICE ALREADY HAS BOB'S PUBLIC KEY (BOB BEING A CERTIFICATE AUTHORITY FOR EXAMPLE)
Alice sends Bob her public key encrypted with Bob's key to prevent the previous situation from arising. Black Hat can still block Alice’s key from arriving to Bob and substitute it with his own key A. Bob will not send his public key because Alice already has it. Now what will happen is that Black Hat can read encrypted files sent by Bob to Alice but he cannot read encrypted files sent by Alice to Bob because Alice does not use Black Hat's key. Instead she uses Bob's authentic key to which Black Hat does not have the equivalent private key. Also Black Hat will have Bob's public key so Bob cannot private key encrypt. So basically unless Bob requests something from Black Hat which only Alice has, Bob will never know about what happened as he doesn’t know Alice’s authentic public key. However Alice will not receive a reply because Alice would be expecting a reply from Bob encrypted using her public key which Black Hat does not have. So all Black Hat can do is isolate Alice from the internet and Black Hat can impersonate her without anyone else except for Alice suspecting anything. So as long as Bob does not request anything from Alice, Black Hat will have no problems impersonating Alice as he would be receiving encrypted files which he can decrypt on Alice’s behalf. Alice could take days to suspect that her public key never reached Bob as she could think of a delay or Black Hat could impersonate Bob and tell Alice that he did not receive her key so as to buy time.
Conclusion:
The only safe way to communicate is by both Alice and Bob having each other’s public key from the start, which means that it is no better than secret key cryptography. Unless of course Alice already has something which Bob also has and can challenge Black Hat with it. However this is equivalent to a secret key…
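The two situations in the post above, modelled as an added example that is not part of the original post: each party compares the fingerprint of the key it received against the fingerprint the owner states over a channel Black Hat cannot alter. The 32-byte random strings standing in for public keys, the function names and the 16-hex-digit fingerprint length are assumptions made for this sketch.

```python
import hashlib
import secrets

def new_public_key() -> bytes:
    # Constructed stand-in: 32 random bytes model an encoded public key.
    return secrets.token_bytes(32)

def fingerprint(public_key: bytes) -> str:
    # Short digest that a person can read aloud or compare on paper.
    return hashlib.sha256(public_key).hexdigest()[:16]

def exchange(situation: int, black_hat_present: bool) -> dict:
    """Return the keys each party ends up holding after the key exchange."""
    alice_pub, bob_pub = new_public_key(), new_public_key()
    key_a, key_b = new_public_key(), new_public_key()  # Black Hat's keys A and B
    # The key Bob receives as "Alice's" is replaced by key A in both situations.
    bob_holds = key_a if black_hat_present else alice_pub
    if situation == 1:
        # Alice learns Bob's key over the network, so it is replaced by key B.
        alice_holds = key_b if black_hat_present else bob_pub
    else:
        # Situation 2: Alice held Bob's authentic key before the exchange.
        alice_holds = bob_pub
    return {"alice_pub": alice_pub, "bob_pub": bob_pub,
            "alice_holds_for_bob": alice_holds,
            "bob_holds_for_alice": bob_holds}

def out_of_band_check(keys: dict) -> dict:
    """Each owner states the fingerprint of their own key over a channel
    Black Hat cannot alter; the peer compares it with the key it received."""
    return {
        "alice_accepts_bob":
            fingerprint(keys["alice_holds_for_bob"]) == fingerprint(keys["bob_pub"]),
        "bob_accepts_alice":
            fingerprint(keys["bob_holds_for_alice"]) == fingerprint(keys["alice_pub"]),
    }

if __name__ == "__main__":
    for situation in (1, 2):
        for present in (False, True):
            result = out_of_band_check(exchange(situation, present))
            print(f"situation {situation}, Black Hat present={present}: {result}")
```

In situation 2 only Bob's comparison fails, which matches the asymmetry the post describes: Alice holds the authentic key for Bob, while Bob holds key A in place of Alice's.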