[Cryptography] [FORGED] Re: Fwd: freedom-to-tinker.com: How is NSA breaking so much crypto?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Sat Oct 17 05:00:26 EDT 2015
Phillip Hallam-Baker <phill at hallambaker.com> writes:
>The solution is to compute the session key so that it is a product of the
>pre-master secret and the ephemeral exchange.
>
>What the protocol does right now is generate a strong shared secret (s1) and
>then use it to authenticate a DH exchange with shorter keys producing a
>weaker shared secret (s2).
>
>The problem is eliminated if we use H(s1 + s2) as the shared secret, which is
>what I proposed at the time and got told I was being a troublemaker,
>unhelpful, etc.
Uhh, what's the value s1 when DHE is used, and how does the other side get a
copy? TLS uses DHE to compute a shared secret and uses that as the premaster;
there's no s1 and s2.
Peter.
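A worked illustration of Peter's point, added here and not part of either message nor of any TLS implementation: in TLS 1.2 with DHE the only secret that enters the key schedule is the DH value Z, which becomes the premaster and is expanded to the 48-byte master secret by the RFC 5246 PRF. The DH group is a constructed toy (2**127-1, a prime far too small for real use), chosen only so the example runs instantly.

```python
import hashlib
import hmac
import secrets

def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """RFC 5246 section 5, P_SHA256: HMAC expansion driven by the A(i) chain."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]

def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_hash(secret, label + seed, length)

def dhe_premaster(p: int, priv: int, peer_pub: int) -> bytes:
    """RFC 5246 section 8.1.2: the negotiated DH value Z, leading zero bytes
    stripped, is the pre_master_secret. No second secret is combined here."""
    z = pow(peer_pub, priv, p)
    return z.to_bytes((z.bit_length() + 7) // 8, "big")

def master_secret(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 5246 section 8.1: 48-byte master_secret from the premaster and both nonces."""
    return tls12_prf(premaster, b"master secret", client_random + server_random, 48)

# Constructed toy group: 2**127-1 is prime but nowhere near TLS strength.
P, G = 2**127 - 1, 3

def dhe_handshake() -> dict:
    """Simulate both sides of a TLS 1.2 DHE exchange and derive each side's master secret."""
    client_random, server_random = secrets.token_bytes(32), secrets.token_bytes(32)
    x, y = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    gx, gy = pow(G, x, P), pow(G, y, P)   # values carried in ClientKeyExchange / ServerKeyExchange
    pm_client = dhe_premaster(P, x, gy)   # client computes Z from its own x and the server's g^y
    pm_server = dhe_premaster(P, y, gx)   # server computes Z from its own y and the client's g^x
    return {
        "premaster_client": pm_client,
        "premaster_server": pm_server,
        "master_client": master_secret(pm_client, client_random, server_random),
        "master_server": master_secret(pm_server, client_random, server_random),
    }

if __name__ == "__main__":
    r = dhe_handshake()
    print("master secrets match:", r["master_client"] == r["master_server"])
```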