Frequently Asked Questions: Browser Attack Questions
How does 3rdKey shut down a Man In The Middle Attack?
In order for the Man In The Middle (MITM) to decipher the encrypted communication between the server and the browser, it needs to know the secret key.
3rdKey.com uses a Diffie-Hellman secret key exchange formula to ensure the key cannot be discovered.
The only way that this secret key exchange can be broken is if there is an MITM attack that manipulates the exchange.
Some form of "signature" is required to ensure that the message received is what was sent, and that it was not manipulated.
If the MITM can manipulate the key exchange, it can manipulate the "signature" - UNLESS the signature is not included in the message.
We use the 3rd Key as the "signature" - we add the 3rd key to the secret key, and then encrypt the message.
The only way to decipher the message is to know both the secret code and the 3rd key, combine them and then decipher the message.
Although the browser asks for the 3rd key, it's not transmitted, so the MITM cannot find out what the 3rd key is without changing the way the page works.
If the way the page works changes, it will be apparent to the user and our server (we use a key with our JavaScript).
Therefore, using the 3rd key as a "signature" for the server-browser encryption shuts down the MITM attack.
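The idea above, mixing a value that is never transmitted into the Diffie-Hellman result before encrypting, can be sketched in Node.js. This is an added example, not 3rdKey.com's code. It assumes HKDF-SHA-256 as the way the two keys are combined, AES-256-GCM for encryption and the `modp14` group; the function names and sample values are hypothetical.

```javascript
// Added example, not 3rdKey.com's code. Loads in CommonJS or ES modules.
const crypto = typeof require === 'function'
  ? require('node:crypto') : process.getBuiltinModule('node:crypto');

// Assumed combination: HKDF-SHA-256 of the DH secret, salted with the 3rd key.
function sessionKey(dhSecret, thirdKey) {
  return Buffer.from(crypto.hkdfSync('sha256', dhSecret, thirdKey, 'session', 32));
}

function seal(key, text) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Returns the plaintext, or null when the key is wrong or the data was altered.
function unseal(key, { iv, ct, tag }) {
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
    d.setAuthTag(tag);
    return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
  } catch { return null; }
}

function newParty() {
  const dh = crypto.getDiffieHellman('modp14'); // RFC 3526 2048-bit group
  dh.generateKeys();
  return dh;
}

function demo() {
  const thirdKey = Buffer.from('constructed-sample-3rd-key'); // constructed value
  const browser = newParty(), server = newParty(), relay = newParty();

  // Untampered exchange: both ends derive the same session key.
  const kB = sessionKey(browser.computeSecret(server.getPublicKey()), thirdKey);
  const kS = sessionKey(server.computeSecret(browser.getPublicKey()), thirdKey);
  const honest = unseal(kS, seal(kB, 'hello'));

  // Manipulated exchange: the relay swaps in its own public value both ways.
  const kB2 = sessionKey(browser.computeSecret(relay.getPublicKey()), thirdKey);
  const kS2 = sessionKey(server.computeSecret(relay.getPublicKey()), thirdKey);
  const msg = seal(kB2, 'hello');
  const relayDh = relay.computeSecret(browser.getPublicKey()); // relay knows this
  const relayRead = unseal(sessionKey(relayDh, Buffer.from('wrong-guess')), msg);
  const serverRead = unseal(kS2, msg); // DH secrets differ, so the tag check fails
  return { honest, relayRead, serverRead };
}
```

In this sketch a party that manipulated the exchange holds its own Diffie-Hellman secret and a captured ciphertext, so the 3rd key is the only unknown left. It therefore needs enough entropy that it cannot be found by trying candidate values offline.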
(c)Copyright 1997-2024 3rdKey.com, Andrew Hughes. All rights reserved.