Hi everyone, please correct me if I'm wrong in my understanding of the man-in-the-middle attack used in a variant of Diffie-Hellman key exchange.

Am I right to say that a protocol is susceptible to the man-in-the-middle attack if each participant has their own private key yP and public key g^yP mod p, and

A -> B : g^rA mod P

B -> A : g^rB mod P

rA and rB are random values for each session, and my shared key is g^rAxB + g^rBxA mod P. This can be attacked because the protocol does not authenticate participants.

Am I right in that understanding? And can an adversary just participate in that key exchange?

Paul
  • In short: you are right in that DH itself has no protection against MITM. In detail: possible duplicate of [Is Diffie–Hellman key exchange protocol vulnerable to man in the middle attack?](https://security.stackexchange.com/questions/184248/is-diffie-hellman-key-exchange-protocol-vulnerable-to-man-in-the-middle-attack), [Why can't I MitM a Diffie-Hellman key exchange?](https://security.stackexchange.com/questions/91699/why-cant-i-mitm-a-diffie-hellman-key-exchange). – Steffen Ullrich Aug 23 '18 at 09:29
  • Hmm, this is a special version of DH. Not that it matters of course, but that isn't in the answer you've linked to. – Maarten Bodewes Aug 24 '18 at 03:54

1 Answer

If there is no authentication of at least one party, then no connection can be trusted, and MitM is possible. MitM does of course require an active attack; just eavesdropping is not enough, and unauthenticated DH does protect against eavesdropping attacks.

Note that the authentication may require a relatively low amount of data (e.g. there are protocols that simply use vicinity) but some kind of authentication does need to take place.

Maarten Bodewes
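
Added example (not part of the original question or answer): a toy Python simulation of the question's key formula, showing that whether an active intermediary ends up sharing a key with a participant depends on whether the static public keys g^x are authenticated. The prime, the base, and the names `keypair`, `session_key`, `honest_run` and `simulate` are assumptions made for illustration; private keys are written x here, as in the question's key formula.

```python
# Added illustration with toy parameters; not production cryptography.
import secrets

P = 2**127 - 1  # Mersenne prime, assumed here only to keep the numbers small
G = 3           # base for the demo (assumption)

def keypair():
    """Return (secret exponent, g^secret mod P)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def session_key(my_static, my_eph, peer_static_pub, peer_eph_pub):
    """The question's key: g^(r_me * x_peer) + g^(r_peer * x_me) mod P."""
    return (pow(peer_static_pub, my_eph, P) + pow(peer_eph_pub, my_static, P)) % P

def honest_run():
    """No intermediary: both sides derive the same key."""
    (xa, XA), (ra, RA) = keypair(), keypair()
    (xb, XB), (rb, RB) = keypair(), keypair()
    return session_key(xa, ra, XB, RB), session_key(xb, rb, XA, RA)

def simulate(static_keys_authenticated):
    """One session with an active intermediary M rewriting messages.

    Returns (k_a, k_b, k_m): the keys A and B derive, and the key M
    derives for its leg towards A.
    """
    (xa, XA), (ra, RA) = keypair(), keypair()  # A: static and per-session
    (xb, XB), (rb, _) = keypair(), keypair()   # B: static and per-session
    (xm, XM), (rm, RM) = keypair(), keypair()  # M: its own values
    # The ephemeral values carry no authentication, so each side receives RM.
    # If the static public keys are not verified (certificate, pinned key,
    # out-of-band check), each side also ends up holding XM instead.
    b_static_seen_by_a = XB if static_keys_authenticated else XM
    a_static_seen_by_b = XA if static_keys_authenticated else XM
    k_a = session_key(xa, ra, b_static_seen_by_a, RM)
    k_b = session_key(xb, rb, a_static_seen_by_b, RM)
    k_m = session_key(xm, rm, XA, RA)          # what M can compute towards A
    return k_a, k_b, k_m

if __name__ == "__main__":
    ka, kb = honest_run()
    print("honest run, A and B agree:", ka == kb)
    ka, kb, km = simulate(static_keys_authenticated=False)
    print("unverified static keys, M holds A's key:", ka == km)
    ka, kb, km = simulate(static_keys_authenticated=True)
    print("verified static keys, M holds A's key:", ka == km,
          "| A and B agree:", ka == kb)
```

With verified static keys, the rewritten session leaves A and B with different keys that M cannot compute, so a key-confirmation step would expose the tampering.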