Some stuff about Diffie-Hellman (and more :-)
Perry E. Metzger
pmetzger at lehman.com
Tue Feb 8 17:02:12 PST 1994
Robert Cain says:
> Perry E. Metzger sez:
> > Indeed, a paper has been published on how to break Sun Secure RPC
> > based on the idiotic decision by someone at Sun to standardise the
> > modulus used. It is basically a matter of precomputing a lot of data
> > based on the numbers which allows you to break any particular discrete
> > log in that field on the fly. The suggestion by Mr. Cain to use a
> > single generator and modulus for all traffic is astonishingly naive.
> Now wait a minute, Perry. If a device is going to use other than a
> set of known moduli or even just one, how are two devices going to each
> know what the other is using without a listner knowing?
You don't care if a listener hears the information on the modulus and
generator. It doesn't matter. You can broadcast it in the clear.
The point I was making was that if you always use the same modulus the
attacker can expend the effort to attack your modulus just once and
can then crack individual D-H sessions trivially. If you change each
time, you can't be attacked in this way.
More information about the cypherpunks-legacy