Speaking of cryptography
Roger Dingledine
arma at mit.edu
Wed Jan 6 08:44:32 UTC 2010
On Tue, Jan 05, 2010 at 11:26:36PM +0100, moris blues wrote:
> i red about: Speaking of cryptography,
> check for bad values of g^x, g^y...
>
> apparently is a MIM-attack to the DH available.
> What options are there to protect themselves against.
I assume you're talking about
http://archives.seul.org/or/announce/Aug-2005/msg00002.html
You should also read
http://freehaven.net/anonbib/#tap:pet2006
> It still is the possibility to use the MQV HMQV protocol.
>
> My question then is why it is not used.
> Is it possible to implement the MQV as a substitute for DH?
No idea. Somebody clueful in crypto would have to figure that one out,
and then convince somebody that's both clueful in crypto and well-known
in the Tor community to believe it.
Writing it up as a research paper and getting it published would be the
best approach. Writing it up as a Tor proposal and including a thorough
security/performance/transition analysis might work too. Identifying
further problems in the current approach would encourage us to switch
faster.
--Roger
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
More information about the tor-talk
mailing list