This Project is now at Version 1.0.4 with a text interface.


What follows is a quick explaination of the Wide Mouth Frog Protocol and a link to the Current API Documentation for the code.
You can get the code here

The Wide Mouth Frog Protocol:

This is possibly the simplest symmetric key-management protocol that uses a trusted server[1]. Trent, the trusted server, has keys that he shares with the principals concerned. Alice and Bob (as usual :->) are client machines that use Trent to set up a session key between them for secure communications.

Please Note that this version is insecure and has known attacks. The point of the project was to implement this version and let the students doing the project correct it with the secure version, as well as showing the attacks.

Symbol	Description
A	Alice's Name
B	Bob's Name
T	Trent's Name
Ea	Encryption with key Trent Shares with Alice
Eb	Encryption with key Trent Shares with Bob
Ks	A Random Session Key

Protocol Message Exchanges:
A -> T : A,T,B,Ea{Ks}

T -> B : T,B,A,Eb{Ks}


At this point both Alice and Bob share a secret, Ks, which they can use to send messages to one another like:

B -> A : B,A,A,Ks{SecureText}


Hopefully this explains the protocol.

Note this is the insecure version of the protocol - this is due to the fact that the code was created as an excercise in showing the flaw and fixing it.

For More information see "Applied Cryptography, Protocols, Algorithms and source code in C" by Bruce Schneier, Counterpane Systems.

---

Version 1.0.4 Code is available for download from here:

• Code : wmf-1.0.4-src.tar.gz
• Docs : wmf-1.0.4-docs.tar.gz
• License : licence

Note these tar.gz files will uncompress into directorys under the current one.
To use this program you will need either Sun's JCE or DSTC's JCSI or equilivant java cryptographic extensions replacement.
You will also need Sun's JDK, at least version 1.2 but this is tested with version 1.3 from IBM and more recently version 1.4.1 from Sun with the builtin JCE.

Please Note: This program is released under a BSD license, i.e. you can use it anyway you like but please give me credit!.
I would also like to know who is using it - just for interests sake :-)
You can email me at the address below

---

References:
[1] Applied Cryptography, Second edition, Pages 56-57, Bruce Schneier.

If you wish to look at the current API for the objects being used click here.
The author can be contacted at t.quillinan@cs.ucc.ie

Copyright ©2000-2002 Thomas B. Quillinan