
Re: CERT advisory



Eric Hughes sez:
> 
> Since active interception is not nearly so easy as passive listening,

This isn't true of anything but the aether itself or a point to point
wire with integrity.  In any switched or networked system with routing,
active interception is trivial.  That is why D-H has a lower level
of applicability than generally considered.

> it would be appropriate to use a Diffie-Hellman key exchange in this
> situation.  This protocol has no persistent private keys, so the issue
> of keeping a private key around securely is not an issue.

Yes, the one time key usage is an important factor in the D-H.
Nothing can be determined from one session that will help in
breaking another.


Peace,

Bob

-- 
Bob Cain    [email protected]   408-354-8021


           "I used to be different.  But now I'm the same."


--------------PGP 1.0 or 2.0 public key available on request.------------------
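
Added example, not part of the original message: a minimal Python model of the two points discussed above. Each session uses fresh ephemeral D-H values, so session keys are unrelated, and substitution of public values on a routed path goes unnoticed unless the endpoints compare a fingerprint of the exchange over a channel with integrity. The group parameters (a toy Mersenne-prime group) and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group, an assumption for illustration only: the Mersenne prime 2^521 - 1
# with base 3. Real deployments use vetted groups or elliptic curves.
P = 2**521 - 1
G = 3

def keypair():
    """Fresh ephemeral secret and public value; nothing persists between sessions."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def session_key(own_secret, peer_public):
    """Derive the session key from the D-H shared value."""
    shared = pow(peer_public, own_secret, P)
    return hashlib.sha256(shared.to_bytes(66, "big")).digest()

def fingerprint(pub_a, pub_b):
    """Hash of the public values one endpoint believes were exchanged."""
    data = pub_a.to_bytes(66, "big") + pub_b.to_bytes(66, "big")
    return hashlib.sha256(data).hexdigest()

def run_session(relay=None):
    """One exchange; `relay` models the network path and returns what is delivered."""
    relay = relay or (lambda pub: pub)
    a_sec, a_pub = keypair()
    b_sec, b_pub = keypair()
    b_sees = relay(a_pub)   # what B receives as "A's" value
    a_sees = relay(b_pub)   # what A receives as "B's" value
    return {
        "key_a": session_key(a_sec, a_sees),
        "key_b": session_key(b_sec, b_sees),
        "fp_a": fingerprint(a_pub, a_sees),
        "fp_b": fingerprint(b_sees, b_pub),
    }

def substituting_relay():
    """Constructed path that replaces every public value with its own."""
    _, m_pub = keypair()
    return lambda pub: m_pub

if __name__ == "__main__":
    clean, other = run_session(), run_session()
    print("endpoints agree:", clean["key_a"] == clean["key_b"])
    print("sessions independent:", clean["key_a"] != other["key_a"])
    tampered = run_session(substituting_relay())
    print("fingerprints match after substitution:", tampered["fp_a"] == tampered["fp_b"])
```

The fingerprint comparison only helps if it travels over a channel the path cannot alter, such as a signed message or a voice read-back.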