On Thu, Jan 23, 2003 at 01:10:34PM +0100, Frank v Waveren wrote: > Am I correct in reading that one of the changes between protocol > version 0.4 and 0.46 was the abolishing of ElGamal in favour of DLES? > Was this done only for the greater cryptographic strength of DLES or > where there other reasons for changing?
No, that change occurred between 0.3 and 0.4. ElGamal itself isn't weak, but it can be taken advantage of using a chosen ciphertext attack (and possibly others I can't remember). DH-AES (DLES is a term we invented to describe DH-AES with a Discrete Logarithm based asymetric component) has much stronger security guarantees. We're not the only ones who see it this way. After our adoption of the protocol, the algorithm was submitted for IEEE standardization, and will likely appear in some next-generation applications. See the paper: http://www.cs.ucsd.edu/users/mihir/papers/dhaes.pdf Scott -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20030123/0d23fb48/attachment.pgp>
