Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method
Georgi Guninski
guninski at guninski.com
Sat Sep 5 01:07:32 PDT 2015
On Sat, Sep 05, 2015 at 07:41:11AM +0000, Alfonso De Gregorio wrote:
> Sure, the questions are: What is the origin of the current wording of
> the standard, that opens an avenue for lax checks for group
> parameters? Or, if, as you correctly pointed out, an implementation
> MAY NOT check group parameters, which entity deserves credit for it?
>
IMHO I haven't demonstrated an attack against DH yet
(I believe it is possible).
The current examples are against DSA, not DH.
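The thread turns on whether an implementation of RFC 2631 actually checks the group parameters (p, q, g) and the peer's public value y, or merely MAY do so. The following is an added example, not code from the original post, from Guninski, or from the RFC itself; it shows the receiving-side checks a defender would want before using a peer-supplied group: p and q prime, q dividing p-1, g of order q, and y in the order-q subgroup (the y^q mod p = 1 test that RFC 2631 describes for public-key validation). The group p=23, q=11, g=4 and the bad values in the usage block are constructed toy inputs, far too small for real use, chosen only so the checks can be traced by hand.

```python
"""Group-parameter and public-key validation for RFC 2631 style DH.

Added example (not from the original post or the RFC). The toy
parameters below are constructed and intentionally tiny.
"""

# Bases that make Miller-Rabin deterministic for n < 3.3e24 and that
# double as a trial-division list for small candidates.
_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n):
    """Miller-Rabin primality test with fixed bases."""
    if n < 2:
        return False
    for sp in _SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    # Write n-1 = 2^r * d with d odd.
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in _SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True


def validate_dh_group(p, q, g):
    """Check a peer-supplied (p, q, g). Returns (ok, reason)."""
    if not is_probable_prime(p):
        return False, "p is not prime"
    if not is_probable_prime(q):
        return False, "q is not prime"
    if (p - 1) % q != 0:
        return False, "q does not divide p-1"
    if not 1 < g < p - 1:
        return False, "g is out of range (1, p-1)"
    # g must have order exactly q: g^q = 1 and g != 1 (g > 1 already holds).
    if pow(g, q, p) != 1:
        return False, "g does not generate the order-q subgroup"
    return True, "ok"


def validate_public_key(y, p, q):
    """Check a peer's public value y against an already-validated group."""
    if not 1 < y < p - 1:
        return False, "y is out of range (1, p-1)"
    # Rejects values in small subgroups outside the intended order-q group.
    if pow(y, q, p) != 1:
        return False, "y is not in the order-q subgroup"
    return True, "ok"


if __name__ == "__main__":
    # Constructed toy group: p = 2q+1 with q = 11, g = 4 (order 11).
    P, Q, G = 23, 11, 4
    print("group (23, 11, 4):", validate_dh_group(P, Q, G))
    print("group with g=5 (order 22):", validate_dh_group(P, Q, 5))
    print("group with composite p=25:", validate_dh_group(25, Q, G))
    print("y=18 = g^3:", validate_public_key(18, P, Q))
    print("y=5 (wrong subgroup):", validate_public_key(5, P, Q))
    print("y=1:", validate_public_key(1, P, Q))
    print("y=p-1:", validate_public_key(P - 1, P, Q))
```

Both functions return a reason string so that a rejected handshake can be logged with the specific failed check; in the toy run, g=5 is rejected because 5^11 mod 23 = 22, not 1, and y=22 (= p-1) is rejected by the range test before the subgroup test is even reached.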
More information about the cypherpunks mailing list