Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method

Alfonso De Gregorio alfonso.degregorio at gmail.com
Sat Sep 5 07:41:51 PDT 2015


On Sat, Sep 5, 2015 at 2:31 PM, Georgi Guninski <guninski at guninski.com> wrote:
> On Sat, Sep 05, 2015 at 02:06:22PM +0000, Alfonso De Gregorio wrote:
>> On Sat, Sep 5, 2015 at 1:31 PM, Georgi Guninski <guninski at guninski.com> wrote:
>> > On Sat, Sep 05, 2015 at 11:45:07AM +0000, Peter Gutmann wrote:
>> >> The real question though is, why would anyone use parameters they didn't
>> >> generate themselves?  All DSA implementations I've seen (apart from some
>> >
>> > What about MITM in DH -- where do you get the keys from
>> > in this case?
>>
>> A key-recovery attack may allow the retroactive decryption of past
>> communication sessions, if the network endpoints rely on fixed
>> Diffie-Hellman. Of course, whenever an attacker can successfully mount
>> a MITM attack the current sessions are compromised.
>>
>
> Thanks. Are you referring to "DH as per the fucked RFC" or as "DH implemented
> properly"?

I'm concerned with Fixed Diffie-Hellman implemented properly.

Cheers,

-- Alfonso
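The distinction drawn in this thread, between fixed (static) and ephemeral Diffie-Hellman when a key-recovery attack is possible, as an added illustration that is not part of the original e-mail exchange. It uses a constructed toy group (p = 2039 = 2q + 1, q = 1019, g = 4) so the arithmetic is readable; the group size and the hash-based key derivation are assumptions of this example, not anything specified in the thread.

```python
import hashlib
import secrets

# Toy group, constructed for illustration: p = 2q + 1 with q = 1019 prime,
# so g = 4 generates the prime-order subgroup. Real deployments use >= 2048 bits.
P = 2039
Q = 1019
G = 4


def keygen():
    """Return a (private, public) DH pair in the toy group."""
    priv = secrets.randbelow(Q - 1) + 1
    return priv, pow(G, priv, P)


def session_key(shared_secret):
    """Derive a short symmetric key from the DH shared secret (assumed KDF)."""
    return hashlib.sha256(shared_secret.to_bytes(2, "big")).digest()[:16]


def run_sessions(n, server_static_priv, ephemeral_server):
    """Simulate n client sessions; return what a passive recorder sees
    (both public values per session) and the true session keys."""
    transcript, keys = [], []
    for _ in range(n):
        a_priv, a_pub = keygen()          # client side is always fresh
        if ephemeral_server:
            b_priv, b_pub = keygen()      # fresh per session, then discarded
        else:
            b_priv, b_pub = server_static_priv, pow(G, server_static_priv, P)
        keys.append(session_key(pow(a_pub, b_priv, P)))
        transcript.append((a_pub, b_pub))
    return transcript, keys


def recover_with_static_key(transcript, server_static_priv):
    """What someone who later learns the static private key can derive
    from the recorded transcript alone."""
    return [session_key(pow(a_pub, server_static_priv, P))
            for a_pub, _ in transcript]


def fixed_dh_is_retroactively_decryptable(n=5):
    b, _ = keygen()
    transcript, keys = run_sessions(n, b, ephemeral_server=False)
    return recover_with_static_key(transcript, b) == keys   # True


def ephemeral_dh_is_retroactively_decryptable(n=5):
    b, _ = keygen()
    transcript, keys = run_sessions(n, b, ephemeral_server=True)
    return recover_with_static_key(transcript, b) == keys   # False
```

With fixed DH every past session key falls out of the transcript once the static key is known; with ephemeral DH the static key gives nothing, because the per-session exponents were never kept.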
