[Cryptography] DH non-prime kills "socat" command security

Benjamin Kreuter brk7bx at virginia.edu
Tue Feb 9 22:48:55 EST 2016


On Tue, 2016-02-09 at 09:06 -0800, Ray Dillinger wrote:
> 
> I think I disagree.  It's easier to get code that deals with
> general parameters right - once - than to rely on individual
> implementations that depend on specific hardcoded numbers
> for each of a dozen different groups being used in different
> applications.

Getting the group operation right for general parameters is only part
of the story (and really, you would probably implement it this way
regardless of whether the parameters are standardized).  You also need
to deal with the procedure for agreeing on parameters and for dealing
with bad parameters, which is where things would probably go wrong.  At
a minimum the extra agreement steps and validation will increase the
attack surface of implementations, even if the protocol is flawless.

-- Ben
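What the "extra agreement steps and validation" amount to once a peer accepts group parameters it did not choose itself, as an added example that is not part of the original message and is not socat's code. The function names, the size thresholds and the constructed composite modulus are this example's own assumptions; the composite is a product of two Mersenne primes chosen only to show that an odd modulus with no small factors still has to be rejected.

```python
"""Validating Diffie-Hellman group parameters and a peer's public value.

Added example, not code from the original message or from socat. A peer that
accepts untrusted (p, q, g) must check that p is prime, that the subgroup
order q is prime and divides p-1, that g has order q (or 2q for a safe prime),
and that every received public value is in range and in that subgroup.
Function names and size thresholds are this example's own choices.
"""
import random

_SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47]

# Constructed for this example: an odd 196-bit composite with no small
# factors. A DH exchange "works" with it, but its discrete log splits into
# two easy problems once the factors are known.
COMPOSITE_P = (2**89 - 1) * (2**107 - 1)


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Trial division, then Miller-Rabin with fixed small bases plus random ones.

    The fixed bases make rejection deterministic for common witnesses; the
    random bases stop an adversary from crafting n to fool a known base set.
    """
    if n < 2:
        return False
    for sp in _SMALL_PRIMES:
        if n == sp:
            return True
        if n % sp == 0:
            return False
    d, r = n - 1, 0            # write n - 1 = 2^r * d with d odd
    while d % 2 == 0:
        d //= 2
        r += 1
    bases = _SMALL_PRIMES + [random.randrange(2, n - 1) for _ in range(rounds)]
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False       # a is a witness that n is composite
    return True


def _in_subgroup(x: int, p: int, q: int) -> bool:
    """True if x is in the order-q subgroup mod p, or generates the full group
    of order 2q when p is a safe prime (the g=2 style of group, which leaks
    only the quadratic character of the exponent)."""
    t = pow(x, q, p)
    if t == 1:
        return True
    return t == p - 1 and 2 * q == p - 1


def validate_dh_group(p: int, q: int, g: int,
                      min_p_bits: int = 2048, min_q_bits: int = 224):
    """Return (True, "ok") or (False, reason) for an untrusted (p, q, g)."""
    if p.bit_length() < min_p_bits:
        return False, "p too small"
    if q.bit_length() < min_q_bits:
        return False, "q too small"
    if p % 2 == 0 or not is_probable_prime(p):
        return False, "p is not prime"
    if not is_probable_prime(q):
        return False, "q is not prime"
    if (p - 1) % q != 0:
        return False, "q does not divide p-1"
    if not 2 <= g <= p - 2:
        return False, "g out of range"
    if not _in_subgroup(g, p, q):
        return False, "g has wrong order"
    return True, "ok"


def validate_peer_public(p: int, q: int, y: int):
    """Check a received public value against an already-validated group."""
    if not 2 <= y <= p - 2:
        return False, "y out of range"
    if not _in_subgroup(y, p, q):
        return False, "y not in the expected subgroup"
    return True, "ok"


if __name__ == "__main__":
    # Toy sizes, so the size thresholds are switched off for the demo.
    print(validate_dh_group(23, 11, 4, 0, 0))          # safe prime, order-11 g
    print(validate_dh_group(31, 15, 3, 0, 0))          # p prime but q composite
    print(validate_dh_group(COMPOSITE_P, (COMPOSITE_P - 1) // 2, 2, 0, 0))
    print(validate_peer_public(23, 11, 22))            # y = p-1, order 2
```

The point Ben makes shows up in the shape of the code: none of these checks exist when the group is fixed at build time, and each one is a place where an implementation can be lenient (skipping the primality test because it is slow, accepting a generator of order 2, forgetting the range check on the peer value) without anything failing in normal operation.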