On Sat, Sep 5, 2015 at 2:31 PM, Georgi Guninski <[email protected]> wrote:
> On Sat, Sep 05, 2015 at 02:06:22PM +0000, Alfonso De Gregorio wrote:
>> On Sat, Sep 5, 2015 at 1:31 PM, Georgi Guninski <[email protected]>
>> wrote:
>> > On Sat, Sep 05, 2015 at 11:45:07AM +0000, Peter Gutmann wrote:
>> >> The real question though is, why would anyone use parameters they didn't
>> >> generate themselves? All DSA implementations I've seen (apart from some
>> >
>> > What about MITM in DH -- where do you get the keys from
>> > in this case?
>>
>> A key-recovery attack may allow the retroactive decryption of past
>> communication sessions, if the network endpoints rely on fixed
>> Diffie-Hellman. Of course, whenever an attacker can successfully mount
>> a MITM attack the current sessions are compromised.
>>
>
> Thanks. Are you referring to "DH as per the fucked RFC" or as "DH implemented
> properly"?

I'm concerned with Fixed Diffie-Hellman implemented properly.

Cheers,
-- Alfonso
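As an added illustration of the point quoted above (a constructed example, not code from anyone in the thread): with fixed Diffie-Hellman the long-term key is the key-agreement key, so an attacker who records traffic and later recovers that key rederives every past session key from the recorded public values; with fresh per-session exponents the recovered long-term key applies to no recorded exchange. The toy group, the nonce-based KDF and the function names are assumptions for illustration, not any specific protocol's.

```python
import hashlib
import secrets

# Constructed toy group for illustration only; real deployments use
# standardised groups of at least 2048 bits.
P = 2**127 - 1  # prime (Mersenne prime M127)
G = 3

def keygen():
    """Fresh DH key pair (x, g^x mod p)."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def session_key(priv, peer_pub, nonce):
    """KDF: hash the shared secret together with a per-session nonce."""
    shared = pow(peer_pub, priv, P).to_bytes(16, "big")
    return hashlib.sha256(shared + nonce).hexdigest()

def run_sessions(n, ephemeral):
    """Simulate n sessions between A and B. Returns the session keys, the
    eavesdropper's transcript (public values and nonces only) and A's
    long-term private key, i.e. what a later key-recovery attack yields."""
    a_long, a_long_pub = keygen()
    b_long, b_long_pub = keygen()
    keys, transcript = [], []
    for _ in range(n):
        nonce = secrets.token_bytes(16)
        if ephemeral:
            # Fresh exponents, discarded after use; long-term keys unused here.
            a_priv, a_pub = keygen()
            _, b_pub = keygen()
        else:
            # Fixed DH: the long-term keys are the DH keys, every session.
            a_priv, a_pub, b_pub = a_long, a_long_pub, b_long_pub
        keys.append(session_key(a_priv, b_pub, nonce))
        transcript.append((a_pub, b_pub, nonce))
    return keys, transcript, a_long

def retroactive_decrypt(transcript, recovered_priv):
    """Attacker's view: apply a recovered private key x to each recorded
    exchange; it only helps where g^x is one of the recorded public values."""
    recovered_pub = pow(G, recovered_priv, P)
    result = []
    for a_pub, b_pub, nonce in transcript:
        if a_pub == recovered_pub:
            result.append(session_key(recovered_priv, b_pub, nonce))
        elif b_pub == recovered_pub:
            result.append(session_key(recovered_priv, a_pub, nonce))
        else:
            result.append(None)  # ephemeral exponent was never retained
    return result
```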
