EE Times on PRZ

Andrew Lowenstern andrew_loewenstern at il.us.swissbank.com
Wed Jan 18 13:51:11 PST 1995


jalicqui at prairienet.org (Jeff Licquia) wrote:
>  It was my impression that DH had a further weakness not related to
>  the difficulty of the hard problem.  As my copy of Schneier is at
>  home, I must defer to ignorance at this point.

My understanding is that once you do the computation to solve a DH exchange
you can use that information to easily solve any exchange under the same
generator and modulus.  So it's important to at least use large enough
numbers to make this infeasible.  I think it was Sun's SecureRPC that shipped
with a fixed (and not big enough) generator and modulus and was not secure
(assuming someone had already done the pre-computation).  Maybe this is what
you were thinking of?

As always, proper generation of components is an important consideration in  
implementing public-key systems.


andrew
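
The reuse described in the message above, shown as an added toy example that is not part of the original post. It uses a baby-step giant-step table as a stand-in for the far heavier precomputation needed against real-size moduli; the prime, generator, table size and private values are all constructed for the illustration.

```python
P = 1000003   # constructed toy prime; real moduli are hundreds of digits
G = 2         # constructed fixed generator shared by every exchange

class FixedGroupTable:
    """One-time table for a fixed (g, p); reused for every later exchange."""

    def __init__(self, p, g, table_size):
        self.p, self.m = p, table_size
        self.table = {}
        cur = 1
        for j in range(table_size):          # the expensive part, done once
            self.table.setdefault(cur, j)    # g^j -> j
            cur = cur * g % p
        self.back = pow(g, -table_size, p)   # g^(-m) mod p (Python 3.8+)
        self.max_steps = -(-(p - 1) // table_size)   # ceil((p-1)/m)

    def dlog(self, h):
        """Return (x, steps) with g^x == h (mod p), using only table lookups."""
        for i in range(self.max_steps):
            if h in self.table:
                return i * self.m + self.table[h], i + 1
            h = h * self.back % self.p
        raise ValueError("value is not a power of g")

def recover_shared(table, a_pub, b_pub):
    """Shared secret from the two public values of one observed exchange."""
    x, steps = table.dlog(a_pub)
    return pow(b_pub, x, table.p), steps

def demo():
    table = FixedGroupTable(P, G, table_size=100_000)   # cost paid once
    results = []
    # Constructed private values for three independent exchanges.
    for a, b in [(123456, 654321), (777777, 31337), (999999, 424242)]:
        a_pub, b_pub = pow(G, a, P), pow(G, b, P)
        secret, steps = recover_shared(table, a_pub, b_pub)
        results.append((secret == pow(a_pub, b, P), steps))
    return results

if __name__ == "__main__":
    for ok, steps in demo():
        print(f"recovered={ok} per-exchange steps={steps}")
```

The table costs 100,000 multiplications once; every exchange after that falls in at most 11 lookups, which is why a generator and modulus shared by all users must be large enough that the one-time work is out of reach.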





