Nate Lawson <[EMAIL PROTECTED]> writes:

>All this attack allows is for one side of a DH exchange to intentionally
>downgrade the security,

You've forgotten Hanlon's razor, "Never attribute to malice that which can be adequately explained by stupidity". So the comment should really be:

All this attack allows is for one side of a DH exchange to inadvertently downgrade the security,

This sort of thing has happened several times in the past (with RSA, not DH in this case), one example being the CA-issued exponent-one certs that I mentioned previously, the other being an implementation that shall go unnamed that sent out plaintext because the developers didn't do key parameter validation. So the problem isn't a deliberate attack, it's screwups by people implementing or deploying the crypto.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
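The two failure modes the post describes, a degenerate DH public value and an RSA certificate with exponent one, are both caught by a few lines of parameter validation. The following is an added illustration written for this page, not code from the thread or from any of the implementations it alludes to; the group (P, Q, G), the function names and the sample exponents are all constructed toy values, sized so the arithmetic is easy to follow rather than for real use.

```python
# Added example: parameter validation for a finite-field DH exchange, plus the
# RSA public-exponent sanity check the exponent-one certificates lacked.
# Not from the original mailing-list post; all parameters are constructed toys.

def is_prime(n: int) -> bool:
    """Trial division; adequate for the toy-sized parameters used below."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True

# Constructed toy group: P = 2*Q + 1 is a safe prime, and G = 4 is a quadratic
# residue mod P, so G generates the prime-order-Q subgroup rather than the
# whole multiplicative group.
P = 1019
Q = (P - 1) // 2
G = 4
assert is_prime(P) and is_prime(Q)


def validate_dh_public(y: int, p: int = P, q: int = Q) -> bool:
    """Reject peer values that let the shared secret collapse.

    1 and p-1 have order 1 and 2, so the secret becomes 1 or -1 no matter
    what exponent we chose; 0 and out-of-range values are simply malformed.
    The subgroup check (y^q == 1 mod p) rejects values outside the
    prime-order subgroup, which is what small-subgroup confinement relies on.
    """
    if not (2 <= y <= p - 2):
        return False
    return pow(y, q, p) == 1


def derive_shared(private_x: int, peer_y: int, p: int = P, q: int = Q) -> int:
    """Compute the DH shared secret only after the peer value passes validation."""
    if not validate_dh_public(peer_y, p, q):
        raise ValueError("peer public value failed parameter validation")
    return pow(peer_y, private_x, p)


def validate_rsa_public_exponent(e: int, n: int) -> bool:
    """With e == 1, RSA 'encryption' is the identity map and ciphertext equals
    plaintext. Require an odd exponent with 3 <= e < n."""
    return e >= 3 and e % 2 == 1 and e < n


if __name__ == "__main__":
    alice_x, bob_x = 123, 456           # constructed private exponents
    alice_y, bob_y = pow(G, alice_x, P), pow(G, bob_x, P)
    print("shared secrets agree:",
          derive_shared(alice_x, bob_y) == derive_shared(bob_x, alice_y))
    for bad in (0, 1, P - 1, 2):        # 2 generates the whole group, not the subgroup
        print(f"peer value {bad:4d} accepted? {validate_dh_public(bad)}")
    print("RSA e=1 accepted?", validate_rsa_public_exponent(1, 3233))
```

The subgroup check is only meaningful when q is known; for a group whose subgroup order is not published, the range check still rules out the three values that make the secret independent of the local exponent.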
