[Cryptography] "‘The intelligence coup of the century’"
Bill Stewart
billstewart at pobox.com
Thu Feb 13 18:43:26 EST 2020
On 2/13/2020 1:58 PM, David Honig wrote:
> Isn't the difference that is that RSA has persistant identities (ie published public keys, supposedly signed by multiple identities) whereas DH doesn't? In RSA you look up the supposedly-linked supposedly-affirmed public key to the supposed other contact; in DH you shout some numbers in a dark room, establish a confidential but not authenticated link, then perform whatever authentication you want?
Pretty much, yes, though there are other models for how you handle
identity with RSA if you want them. Even if they're not used very
persistently, at least the recipient doesn't have to do a calculation
every time a stranger wants to talk to them. (There are ways to reduce
that effort and risk with DH, e.g. the business about exchanging keys in
two halves.)
More information about the cryptography
mailing list