Starium (was Re: article: german secure phone)
Paul Crowley
paul at cluefactory.org.uk
Thu Jun 14 09:50:20 EDT 2001
codehead at ix.netcom.com writes:
> In the spring of 1999, at the request of a VC, I went to a garage.
> com meeting where one of the Starium versions was demonstrated. At
> the time it was "a bump in the line" version, but instead of having a
> "green light" indicator, there was a 4-digit LCD display.
>
> Eric Blossom said that the display showed the last four digits of the
> Diffie-Hellman key that was negotiated at the start of conversation.
> The participants in the conversation could read the digits off and
> confirm that there had not been a MITM attack.
This is only secure if all parties are forced to commit to the DH
information they're going to send before they send it. Otherwise,
it's trivial to collect g^x_1, g^y_2 from the two parties, then
generate y_1, x_2 s.t. the resulting g^{x_1 y_1}, g^{x_2 y_2} collide
in the last four digits by trying about a hundred candidates for each
in a birthday attack.
--
__ Paul Crowley
\/ o\ sig at paul.cluefactory.org.uk
/\__/ http://www.cluefactory.org.uk/paul/
"Conservation of angular momentum makes the world go around" - John Clark
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list