Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Sep 3 08:38:23 PDT 2015

Georgi Guninski <guninski at guninski.com> writes:

>Even if "affected implementations would be approximately zero",
>can we count this as "crypto backdoored RFC" as per OP?

Oh sure, it's definitely broken.  OTOH I'm not sure if it's a deliberate
backdoor, the whole thing is such a bad design to begin with that something
like this is really just the icing on the cake.

It may be worth submitting an erratum to the RFC that mentions the problem,
just in case anyone is actually crazy enough to want to implement this in the


More information about the cypherpunks mailing list