[Cryptography] Silly Diffie-Hellman question using XOR
Hanno Böck
hanno at hboeck.de
Wed Mar 5 13:50:36 EST 2014
On Thu, 6 Mar 2014 00:26:28 +1000
Stuart Longland <stuartl at longlandclan.yi.org> wrote:
> i.e. two parties, Alice and Bob wish to establish a shared key.
>
> 1. Alice generates two keys: A1 and A2.
> Bob generates two keys: B1 and B2.
> 2. Alice signs A2 and sends A2 + signature to Bob.
> Bob signs B2 and sends B2 + signature to Alice.
> 3. Alice verifies B2+signature, then generates
> A3 = A1 ^ A2 ^ B2. Alice signs A3 and sends to Bob.
Your protocol breaks already here. Attacker knows A2, B2 and A3.
So he can calculate A3 ^ B2 ^ A2. And get's A1. Wow!
> Bob verifies A2+signature, then generates
> B3 = B1 ^ B2 ^ A2. Bob signs B3 and sends to Alice.
Same here. B3 ^ B2 ^ A2 gives attacker B1.
Honestly, if you didn't see this, you shouldn't even dare to invent any
crypto yourself.
And rule of thumb: If you make up your own algorithm, it's broken.
Exceptions only if you are super-intelligent and have studied number
theory for years.
--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG: BBB51E42
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140305/d81ceca4/attachment.pgp>
More information about the cryptography
mailing list