Some stuff about Diffie-Hellman (and more :-)

Perry E. Metzger pmetzger at lehman.com
Mon Feb 7 07:56:22 PST 1994



Hal says:
>From: rcain at netcom.com (Robert Cain)
> > Now, the tutorial over :-), the question is; is there a "standard"
> > well-known-prime, w, and a "standard" well-known-modulus, m, and if
>              ^^^^^-- generator
> > not, let's define one.
> 
> I don't think there is a need for this.  The two sides need to agree on
> a pair but they could just pick it at the beginning.  If everyone uses
> the same m,w it would help attackers of the scheme to focus their efforts
> on these numbers.

Indeed, a paper has been published on how to break Sun Secure RPC
based on the idiotic decision by someone at Sun to standardise the
modulus used. It is basically a matter of precomputing a lot of data
based on the numbers which allows you to break any particular discrete
log in that field on the fly. The suggestion by Mr. Cain to use a
single generator and modulus for all traffic is astonishingly naive.

Perry
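The precomputation attack Perry describes, as an added example that is not part of the original thread: with a group (p, g) that never changes, the baby-step table is built once, and every later session in that group costs a passive observer only the cheap giant-step loop. The prime, generator and secrets below are constructed toy values; real groups are thousands of bits and this textbook baby-step/giant-step search does not scale to them.

```python
from math import isqrt

# Constructed toy group (tiny on purpose): p is prime, g is the base.
P = 1_000_003
G = 2


def dh_public(secret: int, p: int = P, g: int = G) -> int:
    """One party's public value g^secret mod p."""
    return pow(g, secret, p)


def dh_shared(peer_public: int, secret: int, p: int = P) -> int:
    """Shared key from the peer's public value and our own secret."""
    return pow(peer_public, secret, p)


def precompute_baby_steps(p: int = P, g: int = G) -> tuple[dict, int]:
    """One-time work that depends only on (p, g): the 'lot of data' in the
    post.  It is amortised over every session that reuses the same group."""
    m = isqrt(p) + 1
    table = {}
    cur = 1
    for j in range(m):
        table.setdefault(cur, j)   # g^j -> j
        cur = cur * g % p
    return table, m


def discrete_log(h: int, table: dict, m: int, p: int = P, g: int = G) -> int:
    """Per-target work (giant steps): find x with g^x = h mod p, i.e. a
    party's secret exponent, using only the precomputed table."""
    step = pow(g, -m, p)           # g^(-m) mod p
    gamma = h
    for i in range(m):
        if gamma in table:         # h * g^(-i*m) == g^j  =>  h == g^(i*m + j)
            return i * m + table[gamma]
        gamma = gamma * step % p
    raise ValueError("no discrete log found")


def recover_shared_key(pub_a: int, pub_b: int, table: dict, m: int) -> int:
    """What a passive observer of one exchange gets from the fixed group:
    A's exponent from A's public value, then the session key B would compute."""
    a = discrete_log(pub_a, table, m)
    return dh_shared(pub_b, a)
```

Parameters negotiated per session, as Hal suggests, remove the shared target: the table would have to be rebuilt for every conversation.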