81
General Software Discussion / Re: houseforge recommendation December 2007: Protection
« on: December 17, 2007, 07:18 AM »Messages are encrypted before sending, and are decrypted before displaying them to the user. So, again, the evil MIM (man in the middle) cannot peep in to find out what you are talking about.-housetier (December 13, 2007, 05:35 AM)
i just want to point out some important details
neither mircryption, fish, nor otr are safe from a man in the middle (MITM) attack.
same holds true for pgp, and therefor gnupg.
the wikipedia article mentions OTR as a counter measure against mitm, this is not true
this is not a problem with the encryption itself, but with the way keys are exchanged / agreed upon.
fish and mircryption use (can use) DH1080 (which is straight forward diffie-hellman key agreement) to exchange secrets.
to work around mitm attacks one has to establish a truly secure channel to exchange secrets, or part of a secret.
for instance, meet in person and exchange keys in a safe/secure environment.
to make it more difficult for eavesdroppers one can use multiple weak security channels to transmit parts of the secret
with the intend of making the exchange happen in so many places at once, that it's too complicated to wiretap all channels.
anyways, nice article housetier!
and to everyone: protect your privacy!