Documente Academic
Documente Profesional
Documente Cultură
1. Explain in detail with proper logic, why PGP is vulnerable to the middle attack as explained by
the author, Kuobin
Sol :
For the man in the middle attack that we are gonna carry , we need the following.
If we have a trusted authority who can certify the public key, then we don't even need to have a
common security key.public key can be digitally signed by the users at a central certified
authority. The central certified authority then associates that public key with the user in its
registry.So when A and B would like to check the authenticity of the public key that they have
received from each other, they check the validity of the public key they received with the central
certified authority, thus ensuring the keys they received were from the users that they intended.
in Public key infrastructure, the certificate is issued by a certificate authority, which binds both
the public key and identity of the user.
The man in the middle attack can be stopped by checking the identity with the CA.