
[Essay question]

What commonly used computer programs are prone to man-in-the-middle attacks? Discuss solutions for preventing this form of attack.

Recommended
Any protocol that requires a sender and a receiver to agree on a session key before they start communicating is prone to the man-in-the-middle attack. For instance, if one were to implement a secure shell protocol by having the two communicating machines identify a common session key, and if the protocol messages for exchanging the session key are not protected by the appropriate authentication mechanism, then it is possible for an attacker to manufacture a separate session key and get access to the data being communicated between the two parties. In particular, if the server is supposed to manufacture the session key, the attacker could obtain the session key from the server, communicate its locally manufactured session key to the client, and thereby convince the client to use the fake session key. When the attacker receives the data from the client, it can decrypt the data, re-encrypt it with the original key from the server, and transmit the encrypted data to the server without alerting either the client or the server about the attacker's presence. Such attacks could be avoided by using digital signatures to authenticate messages from the server. If the server could communicate the session key and its identity in a message that is guarded by a digital signature granted by a certifying authority, then the attacker would not be able to forge a session key, and therefore the man-in-the-middle attack could be avoided.
Posted on 2018-03-25 10:18:15 Reply (0)
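The signature check described in the answer above, as an added example that is not part of the original post: the client accepts a session key only when a certifying authority has bound the server's identity to its public key and the server has signed the identity together with the key. Textbook RSA over Mersenne primes stands in for a real signature scheme, and all names (`SERVER_ID`, `server_hello`, `client_accept`, the key pairs) are constructed for illustration.

```python
import hashlib
import secrets
E = 65537  # public exponent shared by all toy keys

def keygen(p, q):
    """Textbook RSA from two primes: returns (modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def int_bytes(x):
    return x.to_bytes((x.bit_length() + 7) // 8, "big")

def digest(n, *fields):
    """Hash length-prefixed fields to an integer below the modulus n."""
    h = hashlib.sha256()
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return int.from_bytes(h.digest(), "big") % n

def sign(n, d, *fields):
    return pow(digest(n, *fields), d, n)
def verify(n, sig, *fields):
    return pow(sig, E, n) == digest(n, *fields)

# Constructed demo keys built from Mersenne primes; far too weak for real use.
CA_N, CA_D = keygen(2**521 - 1, 2**607 - 1)    # certifying authority
SRV_N, SRV_D = keygen(2**107 - 1, 2**127 - 1)  # genuine server
ATK_N, ATK_D = keygen(2**61 - 1, 2**89 - 1)    # key pair the CA never certified
SERVER_ID = b"server.example"                  # constructed identity
SRV_CERT = sign(CA_N, CA_D, SERVER_ID, int_bytes(SRV_N))  # CA binds identity to key

def server_hello():
    """Server message: identity, public key, CA certificate, signed session key."""
    key = secrets.token_bytes(16)
    return {"id": SERVER_ID, "n": SRV_N, "cert": SRV_CERT, "key": key,
            "sig": sign(SRV_N, SRV_D, SERVER_ID, key)}

def client_accept(msg, expected_id):
    """Return the session key only if the certificate and the signature verify."""
    if msg["id"] != expected_id:
        return None
    if not verify(CA_N, msg["cert"], msg["id"], int_bytes(msg["n"])):
        return None  # public key is not the one the CA certified for this identity
    if not verify(msg["n"], msg["sig"], msg["id"], msg["key"]):
        return None  # session key or identity was altered after signing
    return msg["key"]

def demo():
    honest = server_hello()
    swapped = dict(honest, key=secrets.token_bytes(16))  # key replaced in transit
    resigned = dict(swapped, n=ATK_N, sig=sign(ATK_N, ATK_D, SERVER_ID, swapped["key"]))
    return honest["key"], [client_accept(m, SERVER_ID) for m in (honest, swapped, resigned)]
```

`demo()` returns the genuine key and the client's verdict for three messages: the untouched one is accepted, while the one with a replaced key and the one re-signed under an uncertified key both yield `None`.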