Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method

Georgi Guninski guninski at guninski.com
Sat Sep 5 01:07:32 PDT 2015


On Sat, Sep 05, 2015 at 07:41:11AM +0000, Alfonso De Gregorio wrote:
> Sure, the questions are: What is the origin of the current wording of
> the standard, that opens an avenue for lax checks for group
> parameters? Or, if, as you correctly pointed out, an implementation
> MAY NOT check group parameters, which entity deserves credit for it?
>

IMHO I haven't demonstrated attack against DH yet
(believe it is possible).

The current examples are against DSA, not DH.



More information about the cypherpunks mailing list