[Cryptography] Silly Diffie-Hellman question using XOR

Hanno Böck hanno at hboeck.de
Wed Mar 5 13:50:36 EST 2014

On Thu, 6 Mar 2014 00:26:28 +1000
Stuart Longland <stuartl at longlandclan.yi.org> wrote:

> i.e. two parties, Alice and Bob wish to establish a shared key.
> 1. Alice generates two keys: A1 and A2.
>    Bob generates two keys: B1 and B2.
> 2. Alice signs A2 and sends A2 + signature to Bob.
>    Bob signs B2 and sends B2 + signature to Alice.
> 3. Alice verifies B2+signature, then generates
>       A3 = A1 ^ A2 ^ B2.  Alice signs A3 and sends to Bob.

Your protocol breaks already here. Attacker knows A2, B2 and A3.
So he can calculate A3 ^ B2 ^ A2. And gets A1. Wow!

>    Bob verifies A2+signature, then generates
>       B3 = B1 ^ B2 ^ A2.  Bob signs B3 and sends to Alice.

Same here. B3 ^ B2 ^ A2 gives attacker B1.

Honestly, if you didn't see this, you shouldn't even dare to invent any
crypto yourself.

And rule of thumb: If you make up your own algorithm, it's broken.
Exceptions only if you are super-intelligent and have studied number
theory for years.

Hanno Böck

mail/jabber: hanno at hboeck.de
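
The cancellation pointed out in this reply, as an added Python example that is not part of the original thread: it runs steps 1-3 of the quoted protocol and shows that an observer holding only the transmitted values A2, B2, A3 and B3 recomputes A1 and B1. Signatures are left out because they authenticate the messages without hiding them; the 32-byte key size and the function names are assumptions.

```python
import secrets

KEY_LEN = 32  # assumed key size; the thread does not specify one


def xor(*parts: bytes) -> bytes:
    """XOR equal-length byte strings together."""
    out = bytearray(len(parts[0]))
    for p in parts:
        if len(p) != len(out):
            raise ValueError("all operands must have the same length")
        for i, b in enumerate(p):
            out[i] ^= b
    return bytes(out)


def run_exchange():
    """Steps 1-3 of the quoted protocol: returns (private values, wire transcript)."""
    a1, a2 = secrets.token_bytes(KEY_LEN), secrets.token_bytes(KEY_LEN)
    b1, b2 = secrets.token_bytes(KEY_LEN), secrets.token_bytes(KEY_LEN)
    a3 = xor(a1, a2, b2)  # A3 = A1 ^ A2 ^ B2, sent by Alice
    b3 = xor(b1, b2, a2)  # B3 = B1 ^ B2 ^ A2, sent by Bob
    private = {"A1": a1, "B1": b1}                    # never transmitted
    wire = {"A2": a2, "B2": b2, "A3": a3, "B3": b3}   # visible to any observer
    return private, wire


def eavesdrop(wire):
    """Passive observer: uses only values seen on the wire.

    XOR is its own inverse, so A3 ^ B2 ^ A2 = A1 ^ (A2 ^ A2) ^ (B2 ^ B2) = A1,
    and likewise for B1.
    """
    return {
        "A1": xor(wire["A3"], wire["B2"], wire["A2"]),
        "B1": xor(wire["B3"], wire["B2"], wire["A2"]),
    }


if __name__ == "__main__":
    private, wire = run_exchange()
    recovered = eavesdrop(wire)
    for name in ("A1", "B1"):
        print(name, "recovered from wire traffic:", recovered[name] == private[name])
```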