Scare tactic?

Ben Laurie ben at links.org
Thu Sep 20 09:34:51 EDT 2007


Nash Foster wrote:
> http://labs.musecurity.com/2007/09/18/widespread-dh-implementation-weakness/
> 
> Any actual cryptographers care to comment on this? I don't feel
> qualified to judge.

It seems to me that the requirement cited:

"Entity i cannot be coerced into sharing a key with entity j without i’s
knowledge, ie, when i believes the key is shared with some entity l != j."

is generally impossible to achieve in practice. Which is lucky:
otherwise DRM would work.

To address their particular complaint, one of the two parties must
cooperate with the passive attacker to cause key leakage. If they are
prepared to cooperate then they can leak the key anyway, and no amount
of testing of public keys will prevent this.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
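
An added illustration of the argument in the message above, not code from the post or from the linked article. It assumes "testing of public keys" means the usual range and subgroup checks on a received Diffie-Hellman public value; the toy parameters `P`, `Q`, `G` and all function names are constructed for this example.

```python
import secrets

# Toy parameters constructed for this example (far too small for real use).
P = 2579   # safe prime, P = 2*Q + 1
Q = 1289   # prime order of the subgroup generated by G
G = 4      # 4 = 2^2 is a quadratic residue mod P, so it has order Q


def validate_public(y: int) -> bool:
    """Range and subgroup-membership test on a received DH public value."""
    return 2 <= y <= P - 2 and pow(y, Q, P) == 1


def keypair():
    x = secrets.randbelow(Q - 1) + 1   # private exponent in [1, Q-1]
    return x, pow(G, x, P)


def shared(own_private: int, peer_public: int) -> int:
    """Compute the shared value, refusing peers whose key fails the test."""
    if not validate_public(peer_public):
        raise ValueError("rejected DH public value")
    return pow(peer_public, own_private, P)


def degenerate_rejected() -> bool:
    """0, 1, P-1 and out-of-range values never pass the test."""
    return not any(validate_public(y) for y in (0, 1, P - 1, P, P + 1))


def cooperating_party_leak():
    """Both public keys pass validation, yet B discloses its own exponent."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    key_a = shared(a_priv, b_pub)   # A validates B's key: it passes
    key_b = shared(b_priv, a_pub)   # B validates A's key: it passes
    # The observer has a_pub from the wire plus the exponent B handed over.
    observer_key = pow(a_pub, b_priv, P)
    return validate_public(a_pub), validate_public(b_pub), key_a, key_b, observer_key


if __name__ == "__main__":
    print("degenerate values rejected:", degenerate_rejected())
    ok_a, ok_b, ka, kb, ko = cooperating_party_leak()
    print("both keys valid:", ok_a and ok_b, "| observer has key:", ko == ka == kb)
```

The validation step blocks predictable shared values, but it inspects only the public value, so it cannot tell whether the peer keeps its exponent to itself.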


