Subject Re: [Firebird-Architect] RC4
Author Adriano dos Santos Fernandes
On 14-11-2010 19:08, Jim Starkey wrote:
> On 11/14/2010 3:26 PM, Adriano dos Santos Fernandes wrote:
>> On 14-11-2010 18:14, Brad Pepers wrote:
>>> I'm not a big crypto guy but isn't this subject to man in the middle attacks?
>> It is, of course. :)
>> To fix this problem it's necessary to have trust-able keys, not random
>> ones generated at each connection.
> I don't know what you mean by "trust-able keys". Could you explain what
> you mean and what they do?
Keys signed by trust-able authorities, i.e., "ceritifcate"d and that the
owner is recognized by the client.

Or the client could have a preloaded public key of the server it trust.

I don't see these approach on what you described, in fact you described
as it don't have this. So yes, it's susceptible to man in the middle