Date: Mon, 26 Sep 2016 13:52:38 +0100
From: RW <rwmaillists@googlemail.com>
To: freebsd-security@freebsd.org
Subject: Re: Two Dumb Questions
Message-ID: <20160926135238.6296ddc2@gumby.homeunix.com>
In-Reply-To: <32084.1474872154@segfault.tristatelogic.com>
References: <32084.1474872154@segfault.tristatelogic.com>
On Sun, 25 Sep 2016 23:42:34 -0700 Ronald F. Guilmette wrote:

> Here's my point: If you really have already managed to become
> the man-in-the-middle anyway, then couldn't you just dummy up
> any and all responses, including those for DNS, in such a way
> as to make it all appear to the victim that everything was
> "normal", you know, such that he can see the cute little
> padlock symbol to the left of the URL in the browser?

There's a simple paint analogy here:

https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange

that illustrates how it's possible to exchange a shared secret without an eavesdropper knowing what it is. The shared secret can then be used for symmetric encryption using something like AES.

Actual protocols use public key cryptography so it can be established that the exchange is end to end, and not broken into two separate exchanges.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160926135238.6296ddc2>
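The two points in RW's reply, that a passive eavesdropper learns nothing from the exchanged values and that an active man-in-the-middle can otherwise split one exchange into two, are easiest to see in code. The following is an added example, not code from the thread or from FreeBSD: a Diffie-Hellman exchange over a toy group (the Mersenne prime 2^127-1 with generator 5, chosen only to keep the arithmetic readable; real deployments use RFC 7919 groups or ECDH), first unauthenticated with a constructed "Mallory" running two separate exchanges, then with the server side signing both public values using a toy RSA key. The party names, the key sizes and the assumption that Alice already holds Bob's public key (the role a browser's CA store or an SSH known_hosts entry plays) are all constructed for the example.

```python
"""Diffie-Hellman with and without authentication (constructed example).

The DH group and the RSA key below are far too small for real use; they
exist only so the arithmetic is visible. Python 3.8+ (pow with -1 exponent).
"""
import hashlib
import secrets

# Toy DH group (constructed): p = 2^127 - 1, a Mersenne prime; g = 5.
P = (1 << 127) - 1
G = 5

# Toy RSA key for Bob (constructed from two Mersenne primes).
_RSA_P = (1 << 127) - 1
_RSA_Q = (1 << 89) - 1
BOB_N = _RSA_P * _RSA_Q          # public modulus, known to Alice in advance
BOB_E = 65537                    # public exponent
BOB_D = pow(BOB_E, -1, (_RSA_P - 1) * (_RSA_Q - 1))   # private exponent


def new_private() -> int:
    """Random DH exponent in [1, p-2]."""
    return secrets.randbelow(P - 2) + 1


def dh_public(priv: int) -> int:
    """g^priv mod p: the 'mixed paint' sent over the wire."""
    return pow(G, priv, P)


def dh_shared(priv: int, other_pub: int) -> int:
    """other_pub^priv mod p: both sides reach g^(ab) mod p."""
    return pow(other_pub, priv, P)


def derive_key(shared: int) -> bytes:
    """Hash the shared group element into a 256-bit symmetric key (e.g. for AES)."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def transcript_hash(client_pub: int, server_pub: int) -> int:
    """Hash of BOTH public values, reduced into the toy RSA modulus."""
    digest = hashlib.sha256(client_pub.to_bytes(16, "big") +
                            server_pub.to_bytes(16, "big")).digest()
    return int.from_bytes(digest, "big") % BOB_N


def sign(client_pub: int, server_pub: int) -> int:
    """Bob signs the transcript with his private exponent (textbook RSA, toy)."""
    return pow(transcript_hash(client_pub, server_pub), BOB_D, BOB_N)


def verify(client_pub: int, server_pub: int, sig: int) -> bool:
    """Alice checks the signature with Bob's public key she already trusts."""
    return pow(sig, BOB_E, BOB_N) == transcript_hash(client_pub, server_pub)


def plain_dh(mitm: bool) -> dict:
    """Unauthenticated DH. With mitm=True Mallory runs two separate exchanges."""
    a, b = new_private(), new_private()
    A, B = dh_public(a), dh_public(b)
    if not mitm:
        # Eavesdropper sees P, G, A, B only; both sides still agree on the key.
        return {"alice": derive_key(dh_shared(a, B)),
                "bob": derive_key(dh_shared(b, A)), "mallory": None}
    # Mallory replaces A with M1 towards Bob and B with M2 towards Alice.
    m1, m2 = new_private(), new_private()
    M1, M2 = dh_public(m1), dh_public(m2)
    alice_key = derive_key(dh_shared(a, M2))          # Alice <-> Mallory
    bob_key = derive_key(dh_shared(b, M1))            # Bob   <-> Mallory
    mallory = (derive_key(dh_shared(m2, A)), derive_key(dh_shared(m1, B)))
    return {"alice": alice_key, "bob": bob_key, "mallory": mallory}


def signed_dh(mitm: bool) -> dict:
    """Bob signs (value he received, his own value); Alice verifies before use."""
    a, b = new_private(), new_private()
    A, B = dh_public(a), dh_public(b)
    if not mitm:
        sig = sign(A, B)
        return {"accepted": verify(A, B, sig),
                "keys_match": derive_key(dh_shared(a, B)) == derive_key(dh_shared(b, A))}
    m1, m2 = new_private(), new_private()
    M1, M2 = dh_public(m1), dh_public(m2)
    sig = sign(M1, B)        # Bob only ever saw Mallory's M1, so that is what he signs
    # Mallory can forward her own M2 or Bob's real B, but cannot re-sign for A.
    accepted = verify(A, M2, sig) or verify(A, B, sig)
    keys_match = derive_key(dh_shared(a, M2)) == derive_key(dh_shared(b, M1))
    return {"accepted": accepted, "keys_match": keys_match}
```

In `plain_dh(True)` Alice and Bob each hold a valid-looking key, but it is a key shared with Mallory, which is exactly the split exchange RW describes. In `signed_dh(True)` the signature covers both halves of the transcript, so any substitution of either public value fails verification and Alice never derives a key at all; the remaining trust question is how Alice came to hold Bob's public key, which is what certificates and the browser's CA store address.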