AIM Encrypt: A Case Study of the Dangers of Cryptographic Urban Legends
Abstract:
Like e{mail, instant messaging (IM) has become an integral part of life in a networked society. Until recently, IM software has been lax about providing condentiality and integrity of these conversations. With the introduction of AOL's version 5.2.3211 of the AIM client, users can optionally encrypt and protect the integrity of their conversation. Taking advantage of the encryption capabilities of the AIM client requires that signed certicates for both parties be available. AIM (through VeriSign) makes such certicates available for purchase. However, in a \public service " eort to defray the cost of purchasing personal certi-cates to protect IM conversations, a website (www.aimencrypt.com) is oering a certicate free of cost for download. Unfortunately, the provided certi cate is the same for everyone; this mistake reveals the dangers of a public undereducated about computer security, especially public key cryptography. 1
Citations
| 5 | secure key exchange for Internet protocols – Ecient - 2002 |
| 1 | About aim personal certi – AOL |
| 1 | SSH: The Secure Shell, The De Guide. O'Reilly – Barrett, Silverman - 2001 |
