-1 upvotes, 2 direct replies (showing 2)
No, the salt is sent from the receiver that wants to make sure something is what the sender says it is, and then the sender hashes the thing and the salt... MITM can't do anything.
I think it's time people read 2289 and implement it before they claim they understand anything related to cryptography.
2289 is also quantum safe.
Comment by shavetheyaks at 17/01/2025 at 00:39 UTC
1 upvotes, 1 direct replies
If the MitM also has the salt value, they can generate the hash. If the salt is sent in-band, the eavesdropper/MitM will have it. The only way it could work is to send the salt out-of-band.
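The point made in this reply, worked through as an added example (not code from anyone in the thread): a receiver sends a salt in-band, the sender returns a hash over salt and message, and an in-path party who sees both can substitute the message and recompute a matching hash. The same round trip with an HMAC under a key that never crosses the wire (here a constructed pre-shared key, assumed to have been exchanged out of band) is the usual fix. All names, messages and key material below are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed sample values for the example (not from the thread).
PRE_SHARED_KEY = b"constructed-pre-shared-key-exchanged-out-of-band"
ORIGINAL = b"transfer 10 to alice"
ALTERED = b"transfer 10 to mallory"


def unkeyed_tag(salt: bytes, message: bytes) -> bytes:
    """Scheme from the thread: receiver picks a salt, sender returns H(salt || message)."""
    return hashlib.sha256(salt + message).digest()


def keyed_tag(key: bytes, salt: bytes, message: bytes) -> bytes:
    """Same framing, but the tag is an HMAC under a key the path never sees."""
    return hmac.new(key, salt + message, hashlib.sha256).digest()


def exchange(keyed: bool, in_path_rewrites: bool) -> tuple:
    """One receiver -> sender -> receiver round trip.

    Returns (accepted, message_the_receiver_ends_up_with). The in-path party
    only ever learns what crosses the wire: the salt, the message and the tag.
    PRE_SHARED_KEY (when keyed=True) is the one value that never crosses it.
    """
    salt = os.urandom(16)  # receiver's challenge, sent in-band
    message = ORIGINAL
    if keyed:
        tag = keyed_tag(PRE_SHARED_KEY, salt, message)
    else:
        tag = unkeyed_tag(salt, message)

    if in_path_rewrites:
        # The in-path party swaps the message. With the unkeyed scheme it can
        # recompute a valid tag from the in-band salt alone; with HMAC it has no
        # key, so the best it can do is forward the old tag unchanged.
        message = ALTERED
        if not keyed:
            tag = unkeyed_tag(salt, message)

    # Receiver-side check, constant-time comparison either way.
    if keyed:
        expected = keyed_tag(PRE_SHARED_KEY, salt, message)
    else:
        expected = unkeyed_tag(salt, message)
    return hmac.compare_digest(expected, tag), message


if __name__ == "__main__":
    for keyed in (False, True):
        for rewritten in (False, True):
            accepted, msg = exchange(keyed, rewritten)
            print(f"keyed={keyed!s:5} rewritten={rewritten!s:5} accepted={accepted!s:5} message={msg!r}")
```

Running it shows the receiver accepting the altered message under the unkeyed scheme and rejecting it under HMAC; the salt still has value against replay, but integrity against an active in-path party comes from the key, not the salt.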
Comment by shavetheyaks at 17/01/2025 at 03:27 UTC
1 upvotes, 0 direct replies
I had skimmed 2289 earlier, but went back and gave it a thorough read.
In this particular comment thread, we're talking about message integrity once a connection and auth have already been established. 2289 isn't relevant there, since it only deals with auth.
Even 2289 itself is *fully* vulnerable to MitM attacks, and the RFC says as much, and explicitly states that it *only* tries to protect against replay attacks. The RFC recommends using IPSEC to handle other security concerns, which also includes the encryption you want to avoid.
And "quantum safe?" It specifies MD4, MD5, and SHA1 as options, all of which are considered insecure by *non*-quantum standards at this point, IIRC. "Quantum" isn't even mentioned in the RFC, which isn't surprising, given it was published in 1998.
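To make the replay-only point concrete, here is an added example (not from the thread or from the RFC's reference code) of the hash-chain idea RFC 2289 is built on: the verifier stores only the last accepted value and a sequence number, accepts a candidate only if hashing it once yields the stored value, then moves the stored value forward so the same one-time password can never be accepted again. It is deliberately simplified: SHA-256 stands in for the MD4/MD5/SHA-1 the RFC specifies, and the RFC's 64-bit folding and six-word encoding are omitted. The seed and chain length are constructed values.

```python
import hashlib
import hmac


def H(x: bytes) -> bytes:
    """One step of the chain (SHA-256 here; the RFC uses MD4/MD5/SHA-1 with folding)."""
    return hashlib.sha256(x).digest()


def hash_chain(seed: bytes, n: int) -> list:
    """Return [H^0(seed), H^1(seed), ..., H^n(seed)] as the client would compute."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain


class OtpVerifier:
    """Simplified RFC 2289-style verifier state: H^seq(seed) and the current seq."""

    def __init__(self, last_accepted: bytes, seq: int):
        self.last_accepted = last_accepted
        self.seq = seq

    def verify(self, candidate: bytes) -> bool:
        if self.seq <= 0:
            return False  # chain exhausted; a new seed/sequence is required
        # Accept only the immediate predecessor in the chain.
        if not hmac.compare_digest(H(candidate), self.last_accepted):
            return False
        # Move forward so this value (and every later one) can never be reused.
        self.last_accepted = candidate
        self.seq -= 1
        return True


def demo() -> tuple:
    seed = b"constructed-seed-value"  # constructed; a real one is derived from a passphrase
    n = 5
    chain = hash_chain(seed, n)
    server = OtpVerifier(chain[n], n)   # server is provisioned with H^n only

    first = server.verify(chain[n - 1])   # fresh value: accepted
    replay = server.verify(chain[n - 1])  # same value again: rejected
    skip = server.verify(chain[n - 3])    # out of order: rejected
    second = server.verify(chain[n - 2])  # next in sequence: accepted
    return first, replay, skip, second


if __name__ == "__main__":
    print(demo())
```

Note what the verifier does not check: nothing binds the accepted value to the party that sent it, and nothing protects what follows the login, which is why the RFC itself points to IPsec for anything beyond replay.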