To start things off, the attacker, X, impersonates A and requests a key from the key distribution center. In the request, X claims that A wishes to communicate with the attacker (X). Request messages of this type (RSI) do not contain any authentication codes and are easily forged.
At this point A and B believe that they share a secret key known only to them (and the trusted key server). However, the key is also known to X.
Hot damn! This was it! This attack works! I leaned forward and let the front legs of the chair hit the floor with a loud thud. I took a deep breath. I reminded myself that this attack requires some preliminary setup by the attacker. It cannot be used to learn keys already in use. Nonetheless, with minimal effort, an attacker can obtain the session keys used by any communicating pair in the network. Thus, the use of separate keys for each communicating pair is overkill — the protocol might just as well use a single key shared by the entire network. There is no additional security obtained by the use of separate keys.
I walked over to the window. What are my assumptions? First of all, the attacker needs to have access to somebody’s key-encrypting key…
Whoa! My blood ran cold. In a sudden fit of paranoia I glanced at the door, confirming that it was closed and the chain drawn. I slowly laid my pencil on the desk and walked over to the window. A shiver ran down my spine. Staring at the street below, I allowed myself to come to grips with the realization that the millwright definitely was an insider, but not necessarily at Bendix. The easiest way to meet my assumption is to assume that the attacker was part of the EFT network — i.e. a member bank, any member bank. We had always assumed that if the money mill was an inside job at all, then the insider was probably at either First Chicago or Bendix. Strangely, I found it far more disturbing that the mill was being run by an insider with access to all X9.17 keys than if the millwright were a lone hacker that had figured a way to crack DES. A banker with the cleverness and Computer Science know-how to devise the mill was a very dangerous adversary. Quite probably with powerful allies. I shuddered and ran a hand through my already disheveled hair as I continued to stare at the dark street below (sometimes it seemed I spent more time staring at that same empty street than I spent at my desk). All manner of questions raced through my mind. Which bank? Was it an institutional effort being run from the top or was it a single rogue employee? Even if it were the latter, the employee would have to be one of a small number of highly trusted employees if he or she had access to a triple-DES key-encrypting key.