
Ask HN: Is there any way for two machines to talk over an untrusted network? - apparentiguana
I realize Kerberos authentication exists, which requires a trusted third party. Is there any way for two machines to communicate securely without a shared secret or a trusted third party?
======
raimue
This depends on your goals. If you only want to communicate, a secure channel
with a shared secret can be established with the Diffie-Hellman key exchange.

However, this will not authenticate the other party, which means ensuring that
you are actually communicating with the expected partner and not with a man in
the middle. For this, the partners need to present something only they know.
This would usually be solved with asymmetric crypto, like verifying
certificates signed by a trusted third-party or using previously seen public
keys in a trust-on-first-use scenario.
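
The two halves of this comment (Diffie-Hellman gives you a channel, and only authentication tells you who is on the other end) as an added worked example. This is not code from the thread; it simulates Alice and Bob doing a DH exchange through a router Mallory controls, first bare, then with each side HMAC-ing the transcript under a pre-shared key so Mallory's substituted values are caught. The group constant is RFC 3526 group 14; the party names, the `psk` argument and the `run_exchange` helper are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# RFC 3526 group 14 (2048-bit MODP group), generator 2.  Check the digits
# against the RFC before reusing this constant anywhere real: the demo below
# works for any modulus, a deployment only works for the right one.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
PUB_LEN = 256  # bytes in one group-14 element


def dh_keypair():
    """Fresh ephemeral private exponent and public value g^x mod p."""
    x = secrets.randbits(256)
    return x, pow(G, x, P)


def dh_shared_key(priv, peer_pub):
    """Hash the shared DH value into a 32-byte key; reject degenerate inputs."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("degenerate DH public value")
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(PUB_LEN, "big")).digest()


def transcript_tag(psk, role, alice_pub, bob_pub):
    """HMAC over the exchange as one side saw it; only psk holders can make it."""
    msg = role + alice_pub.to_bytes(PUB_LEN, "big") + bob_pub.to_bytes(PUB_LEN, "big")
    return hmac.new(psk, msg, hashlib.sha256).digest()


def run_exchange(psk=None, mallory_active=False):
    """Simulate an Alice<->Bob exchange through a router Mallory may control.

    psk=None is the bare exchange: a secure channel, but no idea who is on the
    other end.  With a psk each side MACs the transcript *as it saw it*, so a
    substituted public value fails verification on both sides.
    """
    a, alice_pub = dh_keypair()
    b, bob_pub = dh_keypair()
    if mallory_active:
        m, mallory_pub = dh_keypair()
        # Mallory replaces both public values in flight with her own.
        pub_bob_sees, pub_alice_sees = mallory_pub, mallory_pub
    else:
        pub_bob_sees, pub_alice_sees = alice_pub, bob_pub

    alice_key = dh_shared_key(a, pub_alice_sees)
    bob_key = dh_shared_key(b, pub_bob_sees)
    result = {"keys_match": alice_key == bob_key}

    if mallory_active:
        # Mallory ends up with one key shared with Alice and another with Bob,
        # and can decrypt, read, re-encrypt and relay everything between them.
        result["mallory_reads_alice"] = dh_shared_key(m, alice_pub) == alice_key
        result["mallory_reads_bob"] = dh_shared_key(m, bob_pub) == bob_key

    if psk is None:
        result["alice_accepts"] = result["bob_accepts"] = True  # nothing to check
        return result

    # Each side sends a tag over its own view; Mallory can only relay them.
    tag_from_alice = transcript_tag(psk, b"alice", alice_pub, pub_alice_sees)
    tag_from_bob = transcript_tag(psk, b"bob", pub_bob_sees, bob_pub)
    result["alice_accepts"] = hmac.compare_digest(
        tag_from_bob, transcript_tag(psk, b"bob", alice_pub, pub_alice_sees))
    result["bob_accepts"] = hmac.compare_digest(
        tag_from_alice, transcript_tag(psk, b"alice", pub_bob_sees, bob_pub))
    return result


if __name__ == "__main__":
    print("bare DH, honest router:   ", run_exchange())
    print("bare DH, Mallory in path: ", run_exchange(mallory_active=True))
    print("PSK-authenticated + Mallory:", run_exchange(psk=b"provisioned-secret", mallory_active=True))
```

The HMAC tag stands in for whatever authentication mechanism the comment lists: a certificate signature over the same transcript, or a pinned public key checked trust-on-first-use, would slot into `transcript_tag` in the same place. Note that a secret shared by every device means any one compromised device can play Mallory for all the others; per-device keys plus a signer or a pin store limit that.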

~~~
apparentiguana
Thanks for the info! I've been reading up on Diffie-Hellman, wasn't sure if it
was susceptible to MITM, but glad to know that it is.

My goal is to enable a mostly-automated way to have devices on a network
discover and authenticate each other. As a thought experiment, I was trying to
determine if two devices plugged into a malicious router could communicate
securely, but everything I've found so far seems to indicate that it isn't
possible without a shared secret.

Do you know how web vendors do it? Does Chrome/Firefox/etc have any base keys
stored to ensure you aren't working with a censored internet?

~~~
stephenr
That's what the root certs are for.

Firefox ships with its own, Chrome uses the platform ones.

~~~
apparentiguana
Oh gotcha, thanks! Really appreciate the info, I'll go read up on root certs.

------
grizzles
How web vendors do it: PKI.

PKI (root certs) was very controversial at the time it was proposed. It has
endured because it's easy for things that are happening to keep happening.
It's the idea that because a company with a root cert (e.g. Verisign) says you
are who you say you are, they will vouch for you. But it's not that secure,
and plenty of people have demonstrated over the years it's easy to impersonate
companies/websites by swindling Verisign first. Microsoft has been a victim on
numerous occasions.

Diffie-Hellman isn't really susceptible to a MITM. It just means the party at
the other end of your secure channel could be a hostile actor. So you need a
way to discriminate on who's naughty/nice. Like Santa. For your use case you
could distribute a usb stick of blessings to the computers you have deemed
virtuous. But a nice computer can turn into a naughty computer, etc.

So if the two machines can communicate at least once over a hostile network,
then they can ensure future conversations are secure (co-authenticated) and
not susceptible to mitm. The problem is, they might not be communicating that
first time. I hope this captures the nuance.

~~~
apparentiguana
It does, thank you! I've designed a flow that I think will work based on this
and the other comments - I think the understanding that there's not an easy
way without a shared secret has been helpful. What I'm going to do is use a
shared secret to sign a public key for each machine, since the
secret will presumably only be shared with machines I control, as long as I
can prevent other security concerns from compromising them.
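
The flow in this last comment (a provisioning secret that signs each machine's public key) as an added worked example; it is not the poster's code. Since a shared secret gives you a MAC rather than a signature, the "signing" here is an HMAC over the machine id and key, and the verifier layers a trust-on-first-use pin on top, along the lines of the "communicate at least once" point in grizzles's comment, so a leaked secret cannot silently re-key peers that are already known. The machine names, the label string and the random bytes standing in for public keys are all constructed for the demo.

```python
import hashlib
import hmac
import secrets

ENROLL_LABEL = b"machine-enrollment-v1"   # domain separation for the MAC


def enroll(secret, machine_id, pubkey):
    """Provisioning step: bind a machine's id and public key with the shared secret.

    credential = HMAC(secret, label || len(id) || id || pubkey).  The length
    prefix stops an attacker from moving bytes between the id and the key.
    """
    msg = ENROLL_LABEL + len(machine_id).to_bytes(2, "big") + machine_id + pubkey
    return hmac.new(secret, msg, hashlib.sha256).digest()


def credential_valid(secret, machine_id, pubkey, tag):
    return hmac.compare_digest(enroll(secret, machine_id, pubkey), tag)


def fingerprint(pubkey):
    return hashlib.sha256(pubkey).hexdigest()


class Verifier:
    """What each machine runs when a peer announces (id, pubkey, credential)."""

    def __init__(self, secret):
        self.secret = secret
        self.pins = {}   # machine_id -> fingerprint of the key first accepted

    def check(self, machine_id, pubkey, tag):
        # 1. Shared-secret credential: rejects anything that was never provisioned
        #    and any credential whose id or key has been swapped.
        if not credential_valid(self.secret, machine_id, pubkey, tag):
            return "rejected: bad credential"
        # 2. Trust-on-first-use pin: once an id has been seen with a key, a
        #    different key for the same id is refused even with a valid MAC.
        fp = fingerprint(pubkey)
        known = self.pins.get(machine_id)
        if known is None:
            self.pins[machine_id] = fp
            return "accepted: pinned"
        if known != fp:
            return "rejected: key changed"
        return "accepted: known"


def demo():
    secret = secrets.token_bytes(32)
    # Stand-ins for the machines' real public keys (e.g. raw Ed25519 keys),
    # constructed so the demo runs without a signature library.
    key_a, key_b, key_rogue = (secrets.token_bytes(32) for _ in range(3))
    tag_a = enroll(secret, b"machine-a", key_a)
    tag_b = enroll(secret, b"machine-b", key_b)
    v = Verifier(secret)
    return [
        v.check(b"machine-a", key_a, tag_a),            # first contact, gets pinned
        v.check(b"machine-a", key_a, tag_a),            # later contact, matches pin
        v.check(b"machine-c", key_rogue,                # device that never had the secret
                enroll(b"guessed-secret", b"machine-c", key_rogue)),
        v.check(b"machine-b", key_rogue, tag_b),        # replayed tag with a swapped key
        v.check(b"machine-b", key_a, tag_a),            # machine-a's tag under machine-b's id
        v.check(b"machine-b", key_b, tag_b),            # genuine machine-b, first contact
        v.check(b"machine-b", key_rogue,                # minted with a leaked secret after the pin
                enroll(secret, b"machine-b", key_rogue)),
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The two layers fail differently: the credential check stops devices that never held the secret, and the pin limits what a device that later obtains the secret can do to peers that already know each other. The secret still has to be kept off anything you would not trust to impersonate every machine, which is the caveat the comment already raises.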

