On Tue, Jan 05, 2010 at 11:26:36PM +0100, moris blues wrote: > i red about: Speaking of cryptography, > check for bad values of g^x, g^y... > > apparently is a MIM-attack to the DH available. > What options are there to protect themselves against.
I assume you're talking about http://archives.seul.org/or/announce/Aug-2005/msg00002.html You should also read http://freehaven.net/anonbib/#tap:pet2006 > It still is the possibility to use the MQV HMQV protocol. > > My question then is why it is not used. > Is it possible to implement the MQV as a substitute for DH? No idea. Somebody clueful in crypto would have to figure that one out, and then convince somebody that's both clueful in crypto and well-known in the Tor community to believe it. Writing it up as a research paper and getting it published would be the best approach. Writing it up as a Tor proposal and including a thorough security/performance/transition analysis might work too. Identifying further problems in the current approach would encourage us to switch faster. --Roger *********************************************************************** To unsubscribe, send an e-mail to [email protected] with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
