Diffie-Hellman Re: UK Government to force handover of encryption keys

Bill Stewart bill.stewart at pobox.com
Fri May 19 13:14:31 PDT 2006


At 09:32 AM 5/19/2006, Tyler Durden wrote:
>Let us not forget all of the methods of "deniable encryption" discussed a 
>few years back. If the "wrong" key is entered, the returned "de-encrypted" 
>file will look -kinda- bad but not actually be the original plaintext.

For stored material, that may be useful,
but for communications, it's the wrong model.
Too many online applications currently use
RSA encryption to transfer an encrypted key,
which is vulnerable to later disclosure,
instead of using Diffie-Hellman key exchange
and some signature algorithm (RSA, EG, whatever),
for which compromising the key doesn't expose previous communications,
only exposes the user to MITM attacks,
is much easier to argue against disclosure of,
and of course is much easier to replace (blocking MITM with the compromised 
keys.)

Email messages are an appropriate use of RSA-encrypted keys,
but any online two-way communications,
including VOIP, IPSEC, web forms, and transmission of email,
really ought to be using Diffie-Hellman instead.

How many of the popular tools support it or could be configured to do so?
In most cases, it's probably not hard - you mainly need to choose the
right options from standard packages, and make the DH versions the
preferred method instead of a fallback.
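
The difference described in the message above, as an added example that is not part of the original post: one recorded session uses RSA key transport, the other uses ephemeral Diffie-Hellman with an RSA signature, and the long-term RSA private key is disclosed afterwards. All parameters are constructed toy values (far too small for real use, textbook RSA without padding) and every function name is hypothetical.

```python
import hashlib, secrets

# Toy parameters, constructed for illustration only.
P, Q = 2**61 - 1, 2**89 - 1            # RSA primes (both Mersenne primes)
N, E = P * Q, 65537                     # long-term public key
D = pow(E, -1, (P - 1) * (Q - 1))       # long-term private key (the one later disclosed)
DH_P, DH_G = 2**127 - 1, 3              # Diffie-Hellman modulus and base

def h(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(msg: bytes, d: int) -> int:
    return pow(h(msg), d, N)            # textbook RSA signature, no padding

def verify(msg: bytes, sig: int) -> bool:
    return pow(sig, E, N) == h(msg)

def rsa_transport_session():
    """Client picks the session key and sends it encrypted under the RSA key."""
    key = secrets.randbits(128)
    return key, {"wrapped_key": pow(key, E, N)}    # dict = what a wiretap records

def signed_dh_session():
    """Both sides use fresh exponents; the RSA key only signs the DH value."""
    a, b = secrets.randbelow(DH_P - 2) + 1, secrets.randbelow(DH_P - 2) + 1
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    sig = sign(B.to_bytes(16, "big"), D)
    key = hashlib.sha256(pow(A, b, DH_P).to_bytes(16, "big")).digest()
    assert key == hashlib.sha256(pow(B, a, DH_P).to_bytes(16, "big")).digest()
    return key, {"A": A, "B": B, "sig": sig}       # a and b are discarded here

def recover_with_disclosed_key(transcript: dict, d: int):
    """What a recorded transcript yields once d has been handed over."""
    if "wrapped_key" in transcript:
        return pow(transcript["wrapped_key"], d, N)   # past session key recovered
    # Signed DH: nothing in the transcript is encrypted under d. The session
    # key depends on a or b, which no longer exist, so d gives no shortcut.
    return None

def forge_server_value(d: int):
    """The remaining exposure: a holder of d can sign its own DH value (MITM)."""
    x = secrets.randbelow(DH_P - 2) + 1
    X = pow(DH_G, x, DH_P).to_bytes(16, "big")
    return X, sign(X, d)
```

Replacing the compromised signing key ends the MITM exposure for future sessions, while the recorded RSA-transport session stays readable to anyone holding the old key.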




