Fwd: Tor security advisory: DH handshake flaw
astiglic at okiok.com
Fri Sep 2 10:32:55 EDT 2005
> On Thu, 01 Sep 2005 15:04:43 +0200, Simon Josefsson said:
>
>> If you control the random number generator, you control which
>> Miller-Rabin bases that are used too.
>
> Oh well, if you are able to do this you have far easier ways of
> compromising the security. Tricking the RNG to issue the same number
> to requests for the secret exponent of a DSA sign operation seems to
> be easier.

I agree. Either assume that the code on the PC is valid, or don't. If
you don't, anything can have a back door in it, the encryption or
signature code, the Miller-Rabin test, the RNG, the encoding scheme you
use, etc.
--Anton
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
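
Simon Josefsson's point quoted above, shown as an added example that is not part of the thread: a Miller-Rabin test is only as trustworthy as the source of its bases. The function names, the always-returns-2 base source and the test value 2047 are constructed for illustration.

```python
import secrets


def passes_round(n, a):
    """One Miller-Rabin round: True if odd n > 3 looks prime to base a."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    x = pow(a, d, n)
    if x in (1, n - 1):
        return True
    for _ in range(s - 1):
        x = pow(x, 2, n)
        if x == n - 1:
            return True
    return False


def miller_rabin(n, rounds, next_base):
    """Run `rounds` rounds, drawing every base from next_base(n)."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    return all(passes_round(n, next_base(n)) for _ in range(rounds))


def honest_base(n):
    """Base drawn uniformly from [2, n-2] using the OS CSPRNG."""
    return 2 + secrets.randbelow(n - 3)


def controlled_base(n):
    """Constructed stand-in for a controlled RNG: always yields base 2."""
    return 2


def liar_count(n):
    """Number of bases in [2, n-2] for which composite n passes a round."""
    return sum(passes_round(n, a) for a in range(2, n - 1))


COMPOSITE = 2047  # 23 * 89, a strong pseudoprime to base 2

if __name__ == "__main__":
    print("controlled bases:", miller_rabin(COMPOSITE, 40, controlled_base))
    print("honest bases:    ", miller_rabin(COMPOSITE, 40, honest_base))
    print("liars for 2047:  ", liar_count(COMPOSITE), "of", COMPOSITE - 3)
```

With honestly drawn bases, fewer than a quarter of candidates are liars for any odd composite, so 40 rounds reject 2047; with every base fixed by the RNG, the round count adds nothing.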