Scare tactic?
Alexander Klimov
alserkli at inbox.ru
Thu Sep 20 05:23:59 EDT 2007
On Wed, 19 Sep 2007, Nash Foster wrote:
> Any actual cryptographers care to comment on this? I don't feel
> qualified to judge.
>> Not a single IKE implementation [...] were validating the
>> Diffie-Hellman public keys that I sent.
There are many ways to use DH key-agreement. The one described
on the page is as follows: both A and B generate random values,
exponentiate, exchange results, and derive the same value. In
this case there is no point validating the `public key'
A receives from B: if B colludes with an attacker (and generates
the key belonging to a small subgroup), then B can as well tell
the final secret to the attacker.
The attack would make sense if it allows B to learn a long-term
secret of A, but if the `private keys' are randomly generated on
each exchange, then this problem does not exist.
--
Regards,
ASK
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list