
Re: Some stuff about Diffie-Hellman (and more :-)



Perry E. Metzger sez:
> 
> Indeed, a paper has been published on how to break Sun Secure RPC
> based on the idiotic decision by someone at Sun to standardise the
> modulus used. It is basically a matter of precomputing a lot of data
> based on the numbers which allows you to break any particular discrete
> log in that field on the fly. The suggestion by Mr. Cain to use a
> single generator and modulus for all traffic is astonishingly naive.

Now wait a minute, Perry.  If a device is going to use other than a 
set of known moduli or even just one, how are two devices going to each
know what the other is using without a listener knowing?  I think it is
pretty much agreed that devices that use "secret" numbers are not very
practical.  What you say seems to indicate that D-H as we know and
love it has been rendered obsolete because it depends on the modulus
being known.  What am I missing?


Peace,

Bob

-- 
Bob Cain    [email protected]   408-354-8021


           "I used to be different.  But now I'm the same."


--------------PGP 1.0 or 2.0 public key available on request.------------------
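
Added example, not part of the original message or of the paper it mentions: a toy sketch of the precomputation point in the quoted text, showing that a table built once from a public modulus and generator serves against every exchange in that group. It uses baby-step giant-step as a stand-in technique; the 31-bit prime, the generator 7, the secret exponents and all names are constructed for illustration.

```python
import math

P = 2**31 - 1   # toy public modulus (a Mersenne prime); far too small for real use
G = 7           # toy public generator

class GroupTable:
    """Baby-step giant-step table built once for a public (p, g)."""

    def __init__(self, p, g):
        self.p = p
        self.m = math.isqrt(p - 1) + 1
        self.baby = {}
        e = 1
        for j in range(self.m):          # one-time cost, independent of any key
            self.baby.setdefault(e, j)
            e = e * g % p
        self.giant = pow(g, -self.m, p)  # g^(-m) mod p

    def log(self, y):
        """Return x with g^x == y (mod p), reusing the precomputed table."""
        gamma = y % self.p
        for i in range(self.m):
            j = self.baby.get(gamma)
            if j is not None:
                return i * self.m + j
            gamma = gamma * self.giant % self.p
        raise ValueError("value is not a power of g in this group")

def exchange(a, b, p=P, g=G):
    """Return (A, B, shared): the two public values and the agreed secret."""
    A, B = pow(g, a, p), pow(g, b, p)
    return A, B, pow(B, a, p)

def shared_from_public(table, A, B):
    """What a listener holding the table derives from A and B alone."""
    return pow(B, table.log(A), table.p)

def demo():
    table = GroupTable(P, G)             # built once for the shared group
    sessions = [(123456789, 987654321), (192837465, 564738291)]  # constructed
    results = []
    for a, b in sessions:
        A, B, shared = exchange(a, b)
        results.append(shared_from_public(table, A, B) == shared)
    return results

if __name__ == "__main__":
    print(demo())
```

The modulus and generator are public in the sketch and the table depends on nothing else, so its cost is paid once per group rather than once per key; the sketch only works because the group is tiny.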