Some stuff about Diffie-Hellman (and more :-)

Perry E. Metzger pmetzger at
Tue Feb 8 17:02:12 PST 1994

Robert Cain says:
> Perry E. Metzger sez:
> > 
> > Indeed, a paper has been published on how to break Sun Secure RPC
> > based on the idiotic decision by someone at Sun to standardise the
> > modulus used. It is basically a matter of precomputing a lot of data
> > based on the numbers which allows you to break any particular discrete
> > log in that field on the fly. The suggestion by Mr. Cain to use a
> > single generator and modulus for all traffic is astonishingly naive.
> Now wait a minute, Perry.  If a device is going to use other than a 
> set of known moduli or even just one, how are two devices going to each
> know what the other is using without a listner knowing?

You don't care if a listener hears the information on the modulus and
generator. It doesn't matter. You can broadcast it in the clear.

The point I was making was that if you always use the same modulus the
attacker can expend the effort to attack your modulus just once and
can then crack individual D-H sessions trivially. If you change each
time, you can't be attacked in this way.


More information about the cypherpunks-legacy mailing list