Tagged Questions
-2
votes
1 answer
113 views
What is a man in the middle attack?
My university provided me with the following slide which is confusing me:
From my understanding, what is happening here is that Trudy (Person in the middle) is pretending to be Alice. Bob then ...
1
vote
1 answer
47 views
Symmetric Key Cryptography vs Public Key Cryptography [duplicate]
I understand what the two are so need to go into detail about that, however what I'm curious about is in what kind of situations would we use one over the other? It feels to me as if Public Key ...
3
votes
2 answers
404 views
Can we prevent a man-in-the-middle attack with symmetric-key cryptography?
Suppose that Alice signs the message M = "I love security" and then encrypts it with
Bob's public key before sending it to Bob. As well known, Bob can decrypt this to
obtain the signed message and ...
1
vote
2 answers
188 views
Does secure remote password verifier transmission need to happen out of band?
With relation to the necessity of a verifier being transmitted from the client to the server prior to any handshake steps, I was wondering how this is supposed to happen securely? To me this seems ...
1
vote
3 answers
275 views
Three Message Authentication Protocol
I have a protocol where "A" initiates communication with "B". "B" then sends a challenge to check if "A" is really "A". "B" does not remember sending the challenge so "A" has to respond by sending the ...
20
votes
3 answers
2k views
How does Convergence (CA replacement) prevent its notaries from being MITM'd as well?
I have been looking into Convergence and how it works, but I can't figure out how it is effective against a MITM attack that happens near the target system. My understanding is that Convergence works ...
14
votes
3 answers
3k views
Convergence - an SSL replacement?
Today, Moxie Marlinspike, a security researcher famous for his research on Android and SSL and related protocols (author of sslstrip/sslsniff), released "Convergence" which says is "an agile ...
9
votes
1 answer
543 views
Native rsync protocol security
Is the native rsync protocol (port 873) secure? Does it encrypt data or credentials?
I'm planning on using rsync to store encrypted files in the cloud, I'm wondering whatever the password is ...
42
votes
3 answers
15k views
What's the difference between SSL, TLS, and HTTPS?
I get confused with the terms in this area. What is SSL, TLS, and HTTPS? What are the differences between them?
6
votes
2 answers
4k views
The new CCMP attack against WPA/WPA2 PSK
The use of Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) for WPA/WPA2 PSK is being attacked. This is a trivial attack (offline brute force) against the initial ...
6
votes
3 answers
417 views
Patent free symmetric-only key exchange protocols?
I am working with a networked embedded device with AES-128 and no public key cryptography (1KB RAM, 8KB flash). At install, the device is pre-loaded with a longterm AES-128 key known also to the ...
4
votes
3 answers
295 views
Are there any serious problems with this technique for generating symmetric keys?
I'm using a technique borrowed out of a book by Bruce Schneier and Niels Ferguson called Practical Cryptography. Basically, it boils down to this:
Bob does this:
pubk_A = Alice's public key
...
8
votes
3 answers
1k views
What common products use Public-key cryptography?
I want to know what common use products are there that use public key/private key cryptography?
8
votes
1 answer
499 views
What were the specific security flaws with OAuth 1.0? How are they being addressed in 2.0?
I read an article documenting Twitter abruptly pulling its OAuth support back in April 2009. The article said it wouldn't specify the hole for security reasons, but mentioned "social engineering" is ...