Speaking of cryptography

Roger Dingledine arma at mit.edu
Wed Jan 6 08:44:32 UTC 2010


On Tue, Jan 05, 2010 at 11:26:36PM +0100, moris blues wrote:
> i red about: Speaking of cryptography,
> check for bad values of g^x, g^y...
> 
> apparently is a MIM-attack to the DH available. 
> What options are there to protect themselves against. 

I assume you're talking about
http://archives.seul.org/or/announce/Aug-2005/msg00002.html

You should also read
http://freehaven.net/anonbib/#tap:pet2006

> It still is the possibility to use the MQV HMQV protocol.
> 
> My question then is why it is not used.
> Is it possible to implement the MQV as a substitute for DH?

No idea. Somebody clueful in crypto would have to figure that one out,
and then convince somebody that's both clueful in crypto and well-known
in the Tor community to believe it.

Writing it up as a research paper and getting it published would be the
best approach. Writing it up as a Tor proposal and including a thorough
security/performance/transition analysis might work too. Identifying
further problems in the current approach would encourage us to switch
faster.

--Roger

***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/



More information about the tor-talk mailing list