Metropolis: Implementation of Interlock Protocol using Linux Shell Programming, OpenSSH, and GPG

Ángel González keisial at gmail.com
Tue Oct 5 08:41:21 EST 2010


 Don't use things like ls | grep ^received00
That will fail if there's a file listed before (eg. "foo received00"),
ls -l | grep received00 may work (with false positives) but
it's much easier to do it right: test -f received00


Arief Karfianto wrote:
> I have wrote a small Linux Shell command 
I don't think that bash programming is an appropiate language for security
protocols (other than as proof of concept).
For instance, I think your code will be subject to some race conditions
which
would have been trivial were all of this transmitted on one tcp connection.


> for implementing Interlock Protocol
> which is known as a cryptographic protocol that resistant to
> man-in-the-middle attack. Here is the steps of interlock protocol:
Take that resistant with a grain of salt.
Simply splitting the files in two pieces doesn't assure you won't be MITMed.
In your implementation seem that Alice discards Bob message. That allows
a full MITM attack (impersonate Bob, then Alice).
If Alice was somehow able to determine that the received file was not from
the Real Bob, it would still have transferred to the attacker (but at
least would be
aware of it).
If you had strict timeouts on the process, only began the transactions at a
specified time and would be able to detect bogus messages (how?). Then you
could at least detect after the fact the attack.

In fact, the scp and gpg utilities that you use as mere transport, have
their own
trust mechanisms.

I find this off topic for this mailing list, btw.



More information about the openssh-unix-dev mailing list