The scenario where this falls apart is literally a text book example (I have the textbook).
The scenario is this: Surf to slashdot for the first time ever. Read it, love it, decide to sign up. You click 'sign up', enter your username and your public key. When you post the data a hacker switches out your public key with theirs. The server now 'knows' the hacker. It encrypts some random data to the hackers public key and sends it to the hacker along with it's public key. The hacker decrypts the data and re-encrypts it with your public key, changing the server public key to the hacker public key. You decrypt the data with your key, re-encrypt it to the hackers key (you still think its the servers), and then send it back. the hacker decrypts the the message, re-encrypts it to the servers public key and sends it along. You're authenticated and the hacker is listening.
Now the next time you go back, you enter your username and encrypt some random data to the hackers> key. You now believe that you are talking directly with slashdot but in reality, you don't even have slashdots public key.
Is logic puzzles.
"You are in a room with three guards, one of these guards always lies, one of them always tells the truth, and one of them lets you register this email address. Who do you ask?"
Let's see a computer solve that!
Slashdot Mirror
Mathematica has an amazing WYSIWYG typeset feature, but it costs a fortune. If you can get it through work, it is pretty awesome to use.
The scenario where this falls apart is literally a text book example (I have the textbook).
The scenario is this: Surf to slashdot for the first time ever. Read it, love it, decide to sign up. You click 'sign up', enter your username and your public key. When you post the data a hacker switches out your public key with theirs. The server now 'knows' the hacker. It encrypts some random data to the hackers public key and sends it to the hacker along with it's public key. The hacker decrypts the data and re-encrypts it with your public key, changing the server public key to the hacker public key. You decrypt the data with your key, re-encrypt it to the hackers key (you still think its the servers), and then send it back. the hacker decrypts the the message, re-encrypts it to the servers public key and sends it along. You're authenticated and the hacker is listening.
Now the next time you go back, you enter your username and encrypt some random data to the hackers> key. You now believe that you are talking directly with slashdot but in reality, you don't even have slashdots public key.
The problem is, it probably easily heats up to 485F as well. Then it explodes, heating your home much more rapidly.
Is logic puzzles. "You are in a room with three guards, one of these guards always lies, one of them always tells the truth, and one of them lets you register this email address. Who do you ask?" Let's see a computer solve that!
I thought the exact same thing reading this.