[Cryptography] Silly Diffie-Hellman question using XOR
hanno at hboeck.de
Wed Mar 5 13:50:36 EST 2014
On Thu, 6 Mar 2014 00:26:28 +1000
Stuart Longland <stuartl at longlandclan.yi.org> wrote:
> i.e. two parties, Alice and Bob wish to establish a shared key.
> 1. Alice generates two keys: A1 and A2.
> Bob generates two keys: B1 and B2.
> 2. Alice signs A2 and sends A2 + signature to Bob.
> Bob signs B2 and sends B2 + signature to Alice.
> 3. Alice verifies B2+signature, then generates
> A3 = A1 ^ A2 ^ B2. Alice signs A3 and sends to Bob.
Your protocol breaks already here. Attacker knows A2, B2 and A3.
So he can calculate A3 ^ B2 ^ A2. And get's A1. Wow!
> Bob verifies A2+signature, then generates
> B3 = B1 ^ B2 ^ A2. Bob signs B3 and sends to Alice.
Same here. B3 ^ B2 ^ A2 gives attacker B1.
Honestly, if you didn't see this, you shouldn't even dare to invent any
And rule of thumb: If you make up your own algorithm, it's broken.
Exceptions only if you are super-intelligent and have studied number
theory for years.
mail/jabber: hanno at hboeck.de
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: not available
More information about the cryptography