Why do two hosts exchange their own GUID in making master key or session key?

asked 2015-08-06 19:16:51 -0700

eekshs16 gravatar image

At that step, GUIDs were exchanged, already.

When making session key, server only checks its own GUID at first and client's GUID is not used.

Despite of this, client sends its GUID and server's GUID.

Also, I think that GUIDs were already exposed because they had been transferred as a plaintext.

If attacker tries to exchange master key with real client's GUID earlier than that client, then, I think that attacker can obtain a master key of a real client and that client may have a problem.

I want to know others' thought.

Thank you for reading.

edit retag flag offensive close merge delete


you might try on the core mailing list. https://lists.allseenalliance.org/mailman/listinfo/allseen-core

ry.jones ( 2015-08-07 11:53:11 -0700 )edit