17 Dec 2003, 11:17 p.m.
Eric Hughes says:
In addition, changing the modulus can have unpleasant effects on traffic analysis, if not done properly.
Of what sort?
For D-H, the modulus must be transmitted in the clear. Unless you use a different modulus for each conversation, there is a persistency to the moduli that gives rise to a pseudo-identity.
You don't HAVE to transmit the modulus in the clear. It's often worthwhile to use D-H for key exchange even if both sides know the other's RSA public keys. Why? Because then the keys used for conventional session encryption need not be compromised for historical traffic even if the RSA keys are later compromised.
Perry
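The forward-secrecy point in the reply above, as an added example that is not part of the original message: it contrasts a session secret sent under a long-term RSA key with an ephemeral D-H exchange that the RSA key only signs, then checks what a later holder of the RSA private key can get from the recorded traffic. All parameters and function names are assumptions made for illustration; the numbers are toy-sized and the RSA is unpadded.

```python
import hashlib
import secrets

# Toy parameters, constructed for illustration only (far too small for real use).
RSA_P, RSA_Q = 2**61 - 1, 2**89 - 1            # two Mersenne primes
N, E = RSA_P * RSA_Q, 65537                    # long-term RSA public key
D = pow(E, -1, (RSA_P - 1) * (RSA_Q - 1))      # long-term RSA private exponent
DH_P, DH_G = 2**127 - 1, 3                     # D-H modulus (prime) and base


def kdf(secret: int) -> bytes:
    """Derive the conventional session key from a shared integer."""
    return hashlib.sha256(str(secret).encode()).digest()


def rsa_transport_session():
    """Sender picks the secret and sends it under the long-term RSA key."""
    secret = secrets.randbelow(N - 2) + 2
    wire = pow(secret, E, N)                   # what an eavesdropper records
    return kdf(secret), wire


def dh_session():
    """Ephemeral D-H; the RSA key only signs the responder's public value."""
    a = secrets.randbelow(DH_P - 3) + 2        # ephemeral, gone after return
    b = secrets.randbelow(DH_P - 3) + 2
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    digest = int.from_bytes(hashlib.sha256(str(B).encode()).digest(), "big") % N
    sig = pow(digest, D, N)                    # textbook RSA signature on B
    assert pow(sig, E, N) == digest            # initiator verifies with public key
    key = kdf(pow(B, a, DH_P))
    assert key == kdf(pow(A, b, DH_P))         # both sides derive the same key
    return key, (A, B, sig)                    # session key, recorded transcript


def decrypt_with_stolen_rsa_key(value: int) -> bytes:
    """What a later holder of D can compute from one recorded value."""
    return kdf(pow(value, D, N))


if __name__ == "__main__":
    key, wire = rsa_transport_session()
    print("RSA transport, old key recovered:", decrypt_with_stolen_rsa_key(wire) == key)
    key, transcript = dh_session()
    hits = [decrypt_with_stolen_rsa_key(v) == key for v in transcript]
    print("Ephemeral D-H, old key recovered:", any(hits))
```

In the D-H case the exponents `a` and `b` exist only inside `dh_session`, so nothing recorded on the wire combines with `D` to give the old session key.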