Obviously a miscommunication problem here, I never said you did not need a third party to provide non-repudiation in this case. I merely stated it's possible to communicate securely.
Explain how to detect MITM without a shared secret or a trusted party?
Man in the middle and non-repudiation are orthogonal. Please explain how to detect MITM without a shared secret or trusted party (using "modern cryptography")
Defining what security is, is an area of grays not black and whites.
It is indeed very black and very white. There is nothing in between being secure and not secure. Claiming something different is somewhat disqualifying, if I'm allowed to say.
You trust your bank, it's not 100% secure either.
A wrong analogy based on wrong assumptions. No sane person will trust a bank, not only because banks are demonstrably not secure, but more importantly because bankers are criminals. However, trusting a bank with your money is the lesser evil compared to having it in your house. The risk of losing everything is several orders of magnitude smaller (at least, in some countries).
A bank may not be perfectly safe against robbery, but the threshold is high, penalties are deterring, and there is insurance. A communication protocol that is not perfectly safe against being tampered with will be exploited the next day by every 12 year old downloading a script off the internet.
I wouldn't use rand(); it's bound to be pseudo-random.
Any message encoded with a one-time pad is as good as any other message of equal length, if you don't have the key -- since it is equivalent to every other message of equal length, depending on the key used.
Therefore, a pseudo-random message is not any worse than any other message. The unknown person you communicate with does not have the key, so gibberish remains gibberish. You can as well optimize this and use the output of rand() or send concatenations of "1234567890abcdef" (for every arbitrary message!). It is no more and no less meaningless.
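The one-time pad argument made above (a ciphertext is consistent with every plaintext of the same length, so the content of the message, random or not, tells an observer without the key nothing) can be checked directly. The following is an added example written for this discussion, not code posted by any participant; the message, the candidate plaintexts and the key are constructed sample values, and the function names are my own.

```python
import os


def otp_xor(data: bytes, key: bytes) -> bytes:
    """One-time pad: XOR each byte with the matching key byte.

    Encryption and decryption are the same operation. The key must be exactly
    as long as the data, truly random, and never reused; reuse or a shorter
    key is what breaks the perfect-secrecy property shown below.
    """
    if len(key) != len(data):
        raise ValueError("one-time pad key must match message length")
    return bytes(d ^ k for d, k in zip(data, key))


def key_that_explains(ciphertext: bytes, candidate_plaintext: bytes) -> bytes:
    """Return the key under which `ciphertext` decrypts to `candidate_plaintext`.

    For any candidate of the right length such a key exists and is unique, so
    an observer who lacks the key cannot prefer one candidate over another.
    """
    return otp_xor(ciphertext, candidate_plaintext)


def all_candidates_fit(ciphertext: bytes, candidates: list) -> bool:
    """True if every candidate is a valid decryption of `ciphertext` under some key."""
    return all(
        otp_xor(ciphertext, key_that_explains(ciphertext, c)) == c
        for c in candidates
    )


if __name__ == "__main__":
    # Constructed sample: a real message and a fresh random pad of equal length.
    real_message = b"attack at dawn"
    real_key = os.urandom(len(real_message))
    ciphertext = otp_xor(real_message, real_key)

    # Without the key these are all equally plausible decryptions, including a
    # meaningful alternative, a fixed "1234567890abcd" filler and pure noise.
    candidates = [b"retreat at ten", b"1234567890abcd", os.urandom(14)]
    for c in candidates:
        print(c, "<- key", key_that_explains(ciphertext, c).hex())
    print("every candidate fits:", all_candidates_fit(ciphertext, candidates))
```

The same code shows why the poster's point holds only for a true one-time pad: `key_that_explains` recovers a valid key for any candidate only because the pad is as long as the message and used once. If the pad were generated by a seeded PRNG such as `rand()` and the attacker knew the generator and seed, the candidates would no longer be equally plausible.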