HCR for key negotiation

Watson Ladd watsonbladd at gmail.com
Tue May 2 23:07:56 UTC 2006


First some background:
The NSA's Suit B uses a key negotiation mutual authentication method MQV.
This method was found to be insecure, and so HMQV was created. HMQV uses a
signature protocol called HCR twice in one exchange to generate a key. HCR
can prove identy of one endpoint and negotiate a key in a two message
exchange with great efficiency for both sides.
In Tor the current key generation method is quite expensive. Would it be
possible to change to HCR to improve efficency?

--
"Those who would give up Essential Liberty to purchase a little Temporary
Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20060502/941daf70/attachment.htm>


More information about the tor-talk mailing list