[SGVLUG] Security "riddle"

[Mike Rubel]

Tom Emerson wrote:
> So, cutting to the chase, and I think you'll see this is essentially the
> same thing without the need for a face-to-face meeting, the actual answer
> given is as follows:
>
>   1) place the item in the box and lock it with your lock
>   2) send the item to the recipient.
>   3) the recipient ADDS his own lock to the box and RETURNS it
>   4) when you receive the box back, you REMOVE your lock and send it again
...
>   6) the recipient can remove his own lock and retrieve the contents.  If
> the lock was cut, they know the integrity of the shipment has been
> compromised [i.e., a gpg signature "failure"]

This also seems susceptible to man-in-the-middle, though.  The MITM
accepts your package, places his own lock on it, and sends it back.  You
see a second lock on the box, which you assume belongs to the intended
recipient.  Following step 4, you then remove your own lock and drop the
box back in the mail.  The MITM then intercepts the packages and removes
his lock, giving him access to the secret.

If the MITM wishes to remain undetected, he can then play the other side
by placing the secret back in the box, then attaching his lock and sending
it to the original recipient, waiting for the response, etc.

It seems that the MITM can only be foiled if the sender and recipient have
a separate, trusted communication channel by which they can either confirm
receipt of the box to one another, or confirm the authenticity of each
others' locks.  Of course, although this channel must be trustworthy, it
does not need to be hidden.

-Mike