Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method

[Peter Gutmann]

Georgi Guninski <guninski at guninski.com> writes:

>Even if "affected implementations would be approximately zero",
>can we count this as "crypto backdoored RFC" as per OP?

Oh sure, it's definitely broken.  OTOH I'm not sure if it's a deliberate
backdoor, the whole thing is such a bad design to begin with that something
like this is really just the icing on the cake.

It may be worth submitting an erratum to the RFC that mentions the problem,
just in case anyone is actually crazy enough to want to implement this in the
future.

Peter.