Speaking of cryptography

moris blues moris at oleco.net
Wed Jan 6 19:04:00 UTC 2010 

So when I look at the reflections, I mean that at present 
there is no reason for concern, which may be made MIM. 
This is because an additional authentication takes place. 
But it would be a safe level, if one uses the JFK protocol would, 
or the improved MQV, as it was presented in the http://www.onion-router.net/Publications.html#dh-tor  paper.

Have I correctly understood it?

Regards

On Wed 06/01/10  3:11 PM , Paul Syverson syverson at itd.nrl.navy.mil sent:
> On Wed, Jan 06, 2010 at 03:44:32AM -0500, Roger Dingledine wrote:
> > On Tue, Jan 05, 2010 at 11:26:36PM +0100, moris
> blues wrote:> > i red about: Speaking of
> cryptography,> > check for bad values of g^x,
> g^y...> > 
> > > apparently is a MIM-attack to the DH
> available. > > What options are there to protect
> themselves against. > 
> > I assume you're talking about
> > http://archives.seul.org/or/announce/Aug-2005/msg00002.html> 
> > You should also read
> > http://freehaven.net/anonbib/#tap:pet2006> 
> > > It still is the possibility to use the MQV
> HMQV protocol.> > 
> > > My question then is why it is not
> used.> > Is it possible to implement the MQV as a
> substitute for DH?> 
> > No idea. Somebody clueful in crypto would have
> to figure that one out,> and then convince somebody that's both clueful
> in crypto and well-known> in the Tor community to believe it.
> > 
> > Writing it up as a research paper and getting it
> published would be the> best approach. Writing it up as a Tor proposal
> and including a thorough> security/performance/transition analysis might
> work too. Identifying> further problems in the current approach would
> encourage us to switch> faster.
> > 
> 
> As a start on that research: we published some advantages of an
> MQV-like protocol in "Improving Efficiency and Simplicity of Tor
> circuit establishment and hidden services"
> http://www.onion-router.net/Publications.html#dh-tor
> Though we mention reasons to be hopeful about its security
> we have not done an actual security proof yet (which I'll get to in
> my copious free time), without which it is of course not to be
> recommended for use in deployed Tor or perhaps even for more detailed
> design exploration than we have already done.
> 
> aloha,
> Paul 
> ***********************************************************************
> To unsubscribe, send an e-mail to majo
> rdomo at torproject.org withunsubscribe or-talk    in the body. http://archives.seul.org/or/talk/
> 
> 

---- 
versendet mit www.oleco.de Mail - Anmeldung und Nutzung kostenlos!
Oleco www.netlcr.org - jetzt auch mit Spamschutz.
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

More information about the tor-talk mailing list