Scare tactic?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Sep 20 21:47:18 EDT 2007
Nate Lawson <nate at root.org> writes:
>All this attack allows is for one side of a DH exchange to intentionally
>downgrade the security,
You've forgotten Hanlon's razor, "Never attribute to malice that which can be
adequately explained by stupidity". So the comment should really be:
All this attack allows is for one side of a DH exchange to inadvertently
downgrade the security,
This sort of thing has happened several times in the past (with RSA, not DH in
this case), one example being the CA-issued exponent-one certs that I
mentioned previously, the other being an implementation that shall go unnamed
that sent out plaintext because the developers didn't do key parameter
validation. So the problem isn't a deliberate attack, it's screwups by people
implementing or deploying the crypto.
Peter.
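
An added example, not part of the original message and not taken from any implementation it mentions: the kind of key parameter validation whose absence is described above, with an exponent-one RSA key shown returning the plaintext unchanged. The function names, the particular checks (odd exponent of at least 3, DH public value in [2, p-2] and in the order-q subgroup) and the toy numbers are assumptions chosen for illustration.

```python
from typing import List, Optional


def check_rsa_public_key(n: int, e: int, min_bits: int = 2048) -> List[str]:
    """Return reasons to reject an RSA public key; an empty list means it passed."""
    problems = []
    if n.bit_length() < min_bits:
        problems.append("modulus too short")
    if n % 2 == 0:
        problems.append("modulus is even")
    if e < 3 or e % 2 == 0:
        # e = 1 makes m^e mod n == m, so the "ciphertext" is the plaintext.
        problems.append("exponent must be odd and >= 3")
    if e >= n:
        problems.append("exponent not below modulus")
    return problems


def check_dh_public_value(y: int, p: int, q: Optional[int] = None) -> List[str]:
    """Return reasons to reject a peer's DH public value y for prime modulus p."""
    problems = []
    if not 2 <= y <= p - 2:
        # 0, 1 and p-1 force the shared secret into a set of at most two values.
        problems.append("value outside [2, p-2]")
    elif q is not None and pow(y, q, p) != 1:
        problems.append("value not in the order-q subgroup")
    return problems


def rsa_encrypt_raw(m: int, n: int, e: int) -> int:
    """Textbook RSA without padding, used only to show the effect of e = 1."""
    return pow(m, e, n)


if __name__ == "__main__":
    # Constructed toy parameters: n = 61 * 53, and p = 23 = 2 * 11 + 1.
    n, m = 3233, 65
    for e in (1, 17):
        c = rsa_encrypt_raw(m, n, e)
        verdict = check_rsa_public_key(n, e, min_bits=8) or ["ok"]
        print(f"e={e}: plaintext={m} ciphertext={c} check={verdict}")
    for y in (0, 1, 22, 5, 8):
        print(f"y={y}: {check_dh_public_value(y, 23, 11) or ['ok']}")
```
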