| Subject | Re: [Firebird-Architect] RC4 |
|---|---|
| Author | Adriano dos Santos Fernandes |
| Post date | 2010-11-14T21:51:32Z |
On 14-11-2010 19:08, Jim Starkey wrote:
owner is recognized by the client.
Or the client could have a preloaded public key of the server it trust.
I don't see these approach on what you described, in fact you described
as it don't have this. So yes, it's susceptible to man in the middle
attacks.
Adriano
> On 11/14/2010 3:26 PM, Adriano dos Santos Fernandes wrote:Keys signed by trust-able authorities, i.e., "ceritifcate"d and that the
>> On 14-11-2010 18:14, Brad Pepers wrote:
>>> I'm not a big crypto guy but isn't this subject to man in the middle attacks?
>>>
>> It is, of course. :)
>>
>> To fix this problem it's necessary to have trust-able keys, not random
>> ones generated at each connection.
>>
>
> I don't know what you mean by "trust-able keys". Could you explain what
> you mean and what they do?
>
owner is recognized by the client.
Or the client could have a preloaded public key of the server it trust.
I don't see these approach on what you described, in fact you described
as it don't have this. So yes, it's susceptible to man in the middle
attacks.
Adriano