Possible crypto backdoor in RFC-2631 Diffie-Hellman Key Agreement Method
Georgi Guninski
guninski@guninski.com
Thu Feb 18 02:08:12 PST 2016
Observe that reusage of group parameters in DH appears common:
Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf
p.3
Table 1: Top 512-bit DH primes for TLS. 8.4% of Alexa
Top 1M HTTPS domains allow DHE_EXPORT, of which
92.3% use one of the two most popular primes, shown here.
More information about the cypherpunks
mailing list