[JDEV] Encryption

Arne brix at pyromedia.de
Thu Aug 17 01:49:19 CDT 2000


  wrote:

> I need to implement a simple encryption scheme on Jabber to ensure a secure
> communication channel, and I thought up a very simple scheme. I will try my
> best to explain it, please comment on the loopholes or disadvantages.
> 
> Scenario:
> 1. Client requests to connect to server.
> 
> 2. Jabber server generates a key pair (Ksp - server public key and Ksr -
> server private key) and sends the public key Ksp to client.
> 
> 3. Client generates a key pair (Kcp - client public key and Kcr - client
> private key), encrypts the message (which contains the client's public key
> Kcp) with the server's public key Ksp (EKsp(Msg)), and sends the ciphertext
> back to the server. By this step, a secure channel is established, with the
> client and server holding each other's public key.
> 
> 4. Since different key pairs are generated by the client and the server for
> each single session, security level is pretty high.
> 
> 5. The client can then be authenticated with user name and password, which
> is sent through secure key encrypted channels.
> 
> Please comment.
> 
> Paul
> 
How about the man-in-the-middle attack?
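
Added example, not part of the original thread: a Python model of steps 2 and 3 showing that the client encrypts under whatever key arrives, so it cannot tell the server's Ksp from a key substituted on the path, and that checking the key against a fingerprint obtained out of band makes the substitution detectable. The toy RSA primes, the fingerprint encoding and the pinned-fingerprint check are assumptions of this example; the thread itself proposes no fix.

```python
import hashlib
import hmac

def make_keypair(p, q, e=17):
    """Textbook RSA from tiny constructed primes (illustration only, not secure)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # (public key, private key)

def fingerprint(pub):
    """SHA-256 over a simple text encoding of the public key (assumed format)."""
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()

def client_step3(received_ksp, msg, pinned_fp=None):
    """Step 3 from the client's side: encrypt msg under the key received in step 2.

    pinned_fp=None is the scheme as posted: any key is accepted.
    With pinned_fp set (hypothetical out-of-band value), a mismatch is refused.
    """
    if pinned_fp is not None and not hmac.compare_digest(
            fingerprint(received_ksp), pinned_fp):
        raise ValueError("server key fingerprint mismatch, aborting session")
    n, e = received_ksp
    return pow(msg, e, n)

def decrypt(priv, ciphertext):
    n, d = priv
    return pow(ciphertext, d, n)

def who_can_read(key_on_wire, holder_priv, msg, pinned_fp=None):
    """Return what the holder of the private half of key_on_wire recovers."""
    return decrypt(holder_priv, client_step3(key_on_wire, msg, pinned_fp))

# Constructed sample values.
SERVER_PUB, SERVER_PRIV = make_keypair(61, 53)   # the real Ksp / Ksr
OTHER_PUB, OTHER_PRIV = make_keypair(67, 71)     # a key swapped in on the path
MSG = 42                                         # stands in for Msg (carrying Kcp)

if __name__ == "__main__":
    # As posted: the client cannot tell the two keys apart.
    print(who_can_read(SERVER_PUB, SERVER_PRIV, MSG))
    print(who_can_read(OTHER_PUB, OTHER_PRIV, MSG))
    # With a pinned fingerprint the substituted key is rejected before encryption.
    pin = fingerprint(SERVER_PUB)
    print(who_can_read(SERVER_PUB, SERVER_PRIV, MSG, pin))
    try:
        who_can_read(OTHER_PUB, OTHER_PRIV, MSG, pin)
    except ValueError as err:
        print("rejected:", err)
```

Generating fresh key pairs per session (step 4) does not change this result, because the freshness of a key says nothing about who generated it.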
