jalicqui@prairienet.org (Jeff Licquia) wrote:
It was my impression that DH had a further weakness not related to the difficulty of the hard problem. As my copy of Schneider is at home, I must defer to ignorance at this point.
My understanding is that once you do the computation to solve a DH exchange you can use that information to easily solve any exchange under the same generator and modulus. So it's important to at least use large enough numbers to make this unfeasable. I think it was Suns SecureRPC that shipped with a fixed (and not big enough) generator and modulus and was not secure (assuming someone had already done the pre-computation). Maybe this is what you were thinking of? As always, proper generation of components is an important consideration in implementing public-key systems. andrew