2

In many symmetric key ciphers the sender and receiver have to exchange a single key. They may also do it through a 3rd party who distributes it to both of them. Since the 3rd party can read all messages exchanged between them, it can have a disastrous impact on them in terms of capital, forgery, etc. So in this case, how is the privacy between the two ensured?

mikeazo
CuriousCurie
  • trust the 3rd party not to perform the above operations. In practice you'd use public key cryptography for that exact reason - you don't need to trust the 3rd party not to read your traffic. – SEJPM Aug 27 '15 at 17:14

1 Answer

3

Yes, if you are using 3rd party key exchange, the 3rd party can read the messages. If that is not the security feature you want, use something else. There are many legitimate scenarios where users are fine with trusting the third party, however. For example, a system set up by my employer to allow encrypted chat between myself and our clients. My employer has legitimate reasons to want to be able to access those messages if necessary and so would want to set it up with (possibly) third party key exchange. I, as an employee, might be fine with that as I would be conducting official company business using the system.

Older protocols might have done this before public-key crypto was invented in order to keep key management reasonable.

mikeazo
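Added example, not part of the original question, comment or answer: a Python sketch contrasting the two designs discussed above, a key centre that hands out the session key (and can therefore decrypt) and a Diffie-Hellman exchange where a passive relay sees only public values. The `KeyCentre` class, the SHA-256 based toy cipher and the Diffie-Hellman parameters are assumptions chosen for illustration, not vetted primitives.

```python
import hashlib, secrets

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode), unauthenticated; illustration only.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    return nonce + xor_stream(key, nonce, plaintext)

def unseal(key: bytes, blob: bytes) -> bytes:
    return xor_stream(key, blob[:16], blob[16:])

class KeyCentre:
    """Hypothetical third party that shares a long-term key with every user."""
    def __init__(self):
        self.long_term, self.issued = {}, []
    def enroll(self, user: str) -> bytes:
        self.long_term[user] = secrets.token_bytes(32)
        return self.long_term[user]
    def issue(self, a: str, b: str):
        k = secrets.token_bytes(32)
        self.issued.append(k)  # the centre generated k, so it necessarily knows it
        return seal(self.long_term[a], k), seal(self.long_term[b], k)

def third_party_exchange(message: bytes):
    centre = KeyCentre()
    ka, kb = centre.enroll("alice"), centre.enroll("bob")
    for_alice, for_bob = centre.issue("alice", "bob")
    ct = seal(unseal(ka, for_alice), message)       # Alice -> Bob
    bob_reads = unseal(unseal(kb, for_bob), ct)
    centre_reads = unseal(centre.issued[-1], ct)    # third party decrypts too
    return bob_reads, centre_reads

P, G = 2**255 - 19, 2  # toy Diffie-Hellman parameters, not a vetted group
def kdf(n: int) -> bytes:
    return hashlib.sha256(n.to_bytes(32, "big")).digest()

def public_key_exchange(message: bytes):
    a, b = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    A, B = pow(G, a, P), pow(G, b, P)               # all a passive relay sees
    ct = seal(kdf(pow(B, a, P)), message)           # Alice -> Bob
    bob_reads = unseal(kdf(pow(A, b, P)), ct)
    # Keys derived from the observable values do not open the ciphertext.
    relay_reads = [unseal(kdf(v), ct) for v in (A, B, A * B % P)]
    return bob_reads, relay_reads
```

The relay in `public_key_exchange` is passive. A relay that can modify traffic is only excluded if the public values are authenticated.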