Robert Cain says:
Perry E. Metzger sez:
Indeed, a paper has been published on how to break Sun Secure RPC based on the idiotic decision by someone at Sun to standardise the modulus used. It is basically a matter of precomputing a lot of data based on the numbers which allows you to break any particular discrete log in that field on the fly. The suggestion by Mr. Cain to use a single generator and modulus for all traffic is astonishingly naive.
Now wait a minute, Perry. If a device is going to use other than a set of known moduli or even just one, how are two devices going to each know what the other is using without a listener knowing?
You don't care if a listener hears the information on the modulus and generator. It doesn't matter. You can broadcast it in the clear. The point I was making was that if you always use the same modulus the attacker can expend the effort to attack your modulus just once and can then crack individual D-H sessions trivially. If you change each time, you can't be attacked in this way. .pm
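The exchange Perry describes, as an added example that is not part of the thread: one side picks a fresh safe-prime group, sends the modulus, generator and its public value in the clear, and the other side validates what it received before answering. The group size, the choice of a safe prime with g = 4, and the validation helpers are my assumptions for illustration (real deployments use 2048-bit or larger groups); the validation step is the practical caveat that goes with accepting parameters off the wire, since a receiver that trusts an unchecked modulus or generator can be steered into a weak group.

```python
import secrets
from dataclasses import dataclass

# Demo group size so the example runs in well under a second in pure Python.
# Assumption for illustration only; production groups are 2048 bits or more.
DEMO_BITS = 128


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test with a trial-division prefilter."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_safe_prime(bits: int) -> int:
    """Return p = 2q + 1 with both p and q prime, so g = 4 generates the order-q subgroup."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1  # odd, top bit set
        if is_probable_prime(q):
            p = 2 * q + 1
            if is_probable_prime(p):
                return p


@dataclass(frozen=True)
class Group:
    p: int  # modulus, sent in the clear
    g: int  # generator, sent in the clear


def fresh_group(bits: int = DEMO_BITS) -> Group:
    """A new modulus per session: there is nothing fixed for an attacker to precompute against."""
    # 4 = 2^2 is a quadratic residue mod any safe prime, hence has order q.
    return Group(generate_safe_prime(bits), 4)


def validate_group(grp: Group) -> bool:
    """Checks the receiver applies to parameters it got off the wire before using them."""
    p, g = grp.p, grp.g
    if p.bit_length() < DEMO_BITS or not is_probable_prime(p):
        return False
    q = (p - 1) // 2
    if not is_probable_prime(q):          # insist on a safe prime
        return False
    if not 1 < g < p - 1:                 # reject degenerate generators
        return False
    return pow(g, q, p) == 1              # g must lie in the order-q subgroup


def validate_public(grp: Group, y: int) -> bool:
    """Reject 1, p-1 and anything outside the order-q subgroup."""
    q = (grp.p - 1) // 2
    return 1 < y < grp.p - 1 and pow(y, q, grp.p) == 1


def keypair(grp: Group):
    """Private exponent in [1, q-1] so the public value is never 1."""
    q = (grp.p - 1) // 2
    x = secrets.randbelow(q - 1) + 1
    return x, pow(grp.g, x, grp.p)


def shared_secret(grp: Group, x: int, peer_y: int) -> int:
    if not validate_public(grp, peer_y):
        raise ValueError("peer public value rejected")
    return pow(peer_y, x, grp.p)


def exchange(bits: int = DEMO_BITS):
    """Alice sends (p, g, A) in the clear; Bob validates, replies with B; both derive the same key."""
    grp = fresh_group(bits)
    a, A = keypair(grp)
    # Everything below is what a listener sees: grp.p, grp.g, A and B. None of it
    # reveals the private exponents, which is Perry's point about broadcasting the group.
    if not validate_group(grp):
        raise ValueError("group parameters rejected")
    b, B = keypair(grp)
    k_bob = shared_secret(grp, b, A)
    k_alice = shared_secret(grp, a, B)
    return k_alice, k_bob, grp


if __name__ == "__main__":
    k1, k2, used = exchange()
    print("shared secrets match:", k1 == k2, "modulus bits:", used.p.bit_length())
```

Running `exchange()` twice yields two different moduli, which is the property the message argues for: an attacker who invests in one modulus learns nothing reusable against the next session. The validation functions are what keeps the "send it in the clear" part safe from substituted parameters.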