Sin 17: Unauthenticated KeyExchange

Previous page
Table of content
Next page

Overview of the Sin

Yes, I want to protect my network traffic! Confidentiality? Message integrity? Sounds good! Ill use << insert off-the-shelf encryption solution here >>. Oh, wait I need both sides to share a secret key. How do I do that?

I know! Ill use another off-the-shelf solution or write my own. What does Applied Cryptography say for this? I see I can use a key exchange protocol like Diffie-Hellman. Or, maybe I can even use SSL or TLS.

Thats about as far as people usually get before implementing an encryption solution, but they havent tackled all of the lingering risk. The problem is that key exchange also has security requirements: the exchanged key needs to be secret, and, more importantly, the messages in the protocol need to be properly authenticated. That means youll generally need to make sure the people exchanging a key have a way of determining who theyre exchanging a key with. Youd be shocked how often this doesnt happen! Authenticating users after the key is exchanged doesnt usually solve the problem, either.


Previous page
Table of content
Next page
19 Deadly Sins of Software Security. Programming Flaws and How to Fix Them
Writing Secure Code
ISBN: 71626751
EAN: 2147483647
Year: 2003
Pages: 239
Authors: Michael Howard, David LeBlanc
BUY ON AMAZON
ADO.NET 3.5 Cookbook (Cookbooks (OReilly))
Absolute Beginner[ap]s Guide to Project Management
Java How to Program (6th Edition) (How to Program (Deitel))
The Java Tutorial: A Short Course on the Basics, 4th Edition
Microsoft WSH and VBScript Programming for the Absolute Beginner
What is Lean Six Sigma
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy