[Cryptography] "NSA could put undetectable “trapdoors” in millions of crypto keys"

james hughes hughejp at me.com
Tue Oct 11 16:06:10 EDT 2016


> On Oct 11, 2016, at 12:24 PM, Ray Dillinger <bear at sonic.net> wrote:
> On 10/11/2016 08:56 AM, Jerry Leichter wrote:
> 
>> Basically the researchers describe a way to generate primes for which number sieve is much easier if you know the secret - and there's no way to detect this by looking at the prime.  In the case of 1024 bit D-H primes, the result would be to move cracking into a fairly easy range.  And in the case of most of the widely-used 1024-bit D-H primes, nothing is known about how they were generated.
> 
> So there is now a potentially very large undetectable class of
> weak keys.

g and p of Diffie-Hellman are parameters chosen from a random distribution, not part of the algorithm itself. The original papers actually stated using constants for g and p was insecure.

The problem is not the algorithm, it is the improper standardization of random parameters and the inflexibility of the protocols to allow these parameters to be used as designed.

One can argue, if you did not choose your own g and p, you are not executing Diffie-Hellman. 
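As an added illustration (editor's example, not code from this thread or from any of its participants) of what "choosing your own g and p" looks like in practice, the Python below generates a fresh safe-prime group locally instead of taking p from a standard, and shows the sanity checks a peer can run on any (p, g) it receives and on the other side's public value. All numeric values are constructed for the demonstration, and the 64-bit size is chosen only so the example runs in well under a second; a real group would be far larger.

```python
"""Added example: local generation and validation of a Diffie-Hellman group.

Not code from the mailing-list thread; the toy group sizes and sample values
are constructed for illustration only.
"""
import secrets

# First 12 primes: used for trial division and as a Miller-Rabin base set that
# is deterministic (no false "prime" answers) for every n below 2**64.
SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def is_probable_prime(n, rounds=40):
    """Miller-Rabin: deterministic below 2**64, `rounds` random bases above."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    if n < 1 << 64:
        bases = SMALL_PRIMES
    else:
        bases = [2 + secrets.randbelow(n - 3) for _ in range(rounds)]
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True


def validate_dh_group(p, g):
    """Return a list of problems with (p, g); an empty list means it passed.

    Checks: p prime, p a safe prime (q = (p-1)/2 prime), g strictly between
    1 and p-1, and g generating the order-q subgroup.  With a safe prime every
    other usable g has order 2q, which leaks the low bit of the secret
    exponent through the Legendre symbol of the public value.
    """
    if p < 5 or not is_probable_prime(p):
        return ["p is not prime"]
    problems = []
    q = (p - 1) // 2
    safe = is_probable_prime(q)
    if not safe:
        problems.append("p is not a safe prime: (p-1)/2 is composite")
    if not 1 < g < p - 1:
        problems.append("g is outside the range 1 < g < p-1")
    elif safe and pow(g, q, p) != 1:
        problems.append("g has order 2q, not q: it leaks one bit of the secret exponent")
    return problems


def validate_peer_public(p, y):
    """Accept a received public value only if it lies in the order-q subgroup."""
    q = (p - 1) // 2
    return 1 < y < p - 1 and pow(y, q, p) == 1


def generate_safe_prime(bits, rng=secrets):
    """Generate p = 2q + 1 with q prime and p exactly `bits` bits long."""
    while True:
        # q gets bits-1 bits with the top bit forced on, so p has `bits` bits.
        q = rng.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


def find_subgroup_generator(p):
    """Smallest non-trivial square mod p: for a safe prime it has order q."""
    for h in range(2, p - 1):
        g = h * h % p
        if g != 1:
            return g
    raise ValueError("no generator found; p is not a usable safe prime")


if __name__ == "__main__":
    print("(23, 4):", validate_dh_group(23, 4))    # passes: 23 = 2*11 + 1, ord(4) = 11
    print("(23, 5):", validate_dh_group(23, 5))    # 5 is a primitive root: order 2q
    print("(37, 2):", validate_dh_group(37, 2))    # 37 is prime but 18 is not
    p = generate_safe_prime(64)                    # our own p, chosen locally
    g = find_subgroup_generator(p)
    print(hex(p), g, validate_dh_group(p, g))
```

Two points worth keeping in mind when using checks like these. First, the subgroup test on received public values is the standard defence against small-subgroup attacks and costs one modular exponentiation per handshake. Second, none of these tests can detect the kind of trapdoor the thread discusses: a prime built so that the number field sieve is easy for whoever planted it is still a prime, still safe, and passes every check above. The only remedy at the parameter level is to generate p yourself, as this example does, or to insist on parameters whose generation procedure can be independently verified.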
