Two Dumb Questions

RW rwmaillists at
Mon Sep 26 12:52:44 UTC 2016

On Sun, 25 Sep 2016 23:42:34 -0700
Ronald F. Guilmette wrote:

> Here's my point:  If you really have already managed to become
> the man-in-the-middle anyway, then couldn't you just dummy up
> any and all responses, including those for DNS, in such a way
> as to make it all appear to the victim that everything was
> "normal", you know, such that he can see the cute little
> padlock symbol to the left of the URL in the browser?

There's a simple paint analogy here:–Hellman_key_exchange

that illustrates how it's possible to exchange a shared secret without
an eavesdropper knowing what it is. The shared secret can then be used
for symmetric encryption using something like AES.

Actual protocols use public key cryptography so it can be established
that the exchange is end to end, and not broken into two separate

More information about the freebsd-security mailing list