Skip to main content
Information Security

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

Required fields*

3
  • it is not clear to me how this is a problem. the public key is, by definition, public. doesn't that mean that if the public key is sniffed, no harm done? and if the MITM intercepts the public key and passes along a fake one to server B, i'm not sure how that is harmful either. wouldn't that just result in server B being unable to communicate? how would any of this be leveraged maliciously? Commented May 26, 2020 at 18:07
  • 7
    @WoodrowBarlow The key being sniffed is no problem (it's a public key after all). But by injecting fake keys, the attacker can now read any encrypted communication between A and B: when A sends a message to B, they will encrypt the message with "fake pkeyB"; the attacker decrypts it (with their fake privatekeyB) and forwards the message re-encrypted with the real pkeyB; ie A and B can communicate, but an attacker can read/manipulate the messages. Commented May 26, 2020 at 18:32
  • aha. the thought that the MITM might re-encrypt so that server B is none the wiser hadn't occurred to me. +1 on this answer. thank you! Commented May 26, 2020 at 20:09