undefined | Better HN

0 pointsGTP2y ago0 comments

Duffie-Hellman can be MITMed if nothing checks that the value you get from the other party actually comes from the intended other party. I.e., an identity check.

0 comments

eimrine2y ago

That is OK if the talk is not about bank or currency exchange.

GTPOP2y ago

That's still not OK. Think about this: you are encrypting your traffic to prevent some third party from seeing/modifying it. But without authentication, you don't know who you're communicating with. So it could be that you're talking with the very third party that you were trying to protect from in the first place.

j / k navigate · click thread line to collapse

0 pointsGTP2y ago0 comments

Duffie-Hellman can be MITMed if nothing checks that the value you get from the other party actually comes from the intended other party. I.e., an identity check.

0 comments

eimrine2y ago

That is OK if the talk is not about bank or currency exchange.

GTPOP2y ago

j / k navigate · click thread line to collapse