So when I look at the reflections, I mean that at present there is no reason for concern, which may be made MIM. This is because an additional authentication takes place. But it would be a safe level if one would use the JFK protocol, or the improved MQV, as it was presented in the http://www.onion-router.net/Publications.html#dh-tor paper.
Have I correctly understood it?

Regards

On Wed 06/01/10 3:11 PM, Paul Syverson [email protected] sent:
> On Wed, Jan 06, 2010 at 03:44:32AM -0500, Roger Dingledine wrote:
> > On Tue, Jan 05, 2010 at 11:26:36PM +0100, moris blues wrote:
> > > I read about: Speaking of cryptography,
> > > check for bad values of g^x, g^y...
> > >
> > > apparently is a MIM-attack to the DH available.
> > > What options are there to protect themselves against.
> >
> > I assume you're talking about
> > http://archives.seul.org/or/announce/Aug-2005/msg00002.html
> >
> > You should also read
> > http://freehaven.net/anonbib/#tap:pet2006
> >
> > > It still is the possibility to use the MQV HMQV protocol.
> > >
> > > My question then is why it is not used.
> > > Is it possible to implement the MQV as a substitute for DH?
> >
> > No idea. Somebody clueful in crypto would have to figure that one out,
> > and then convince somebody that's both clueful in crypto and well-known
> > in the Tor community to believe it.
> >
> > Writing it up as a research paper and getting it published would be the
> > best approach. Writing it up as a Tor proposal and including a thorough
> > security/performance/transition analysis might work too. Identifying
> > further problems in the current approach would encourage us to switch
> > faster.
>
> As a start on that research: we published some advantages of an
> MQV-like protocol in "Improving Efficiency and Simplicity of Tor
> circuit establishment and hidden services"
> http://www.onion-router.net/Publications.html#dh-tor
> Though we mention reasons to be hopeful about its security
> we have not done an actual security proof yet (which I'll get to in
> my copious free time), without which it is of course not to be
> recommended for use in deployed Tor or perhaps even for more detailed
> design exploration than we have already done.
>
> aloha,
> Paul

***********************************************************************
To unsubscribe, send an e-mail to [email protected] with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
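
The "check for bad values of g^x, g^y" point raised in this thread, as an added Python illustration that is not part of any message here and is not Tor's code: a range check on received Diffie-Hellman public values, with a stricter subgroup check that goes beyond what the thread mentions. The toy group (P = 2039, Q = 1019, G = 4) and all function names are assumptions constructed for the example.

```python
# Added illustration: toy parameters constructed for this example, not Tor's group.
P = 2039          # constructed safe prime, P = 2*Q + 1 (far too small for real use)
Q = 1019          # prime order of the subgroup generated by G
G = 4             # a square mod P, so it generates the order-Q subgroup


def acceptable_public_value(y, p=P):
    """Range check: reject 0, 1, p-1 and anything outside [2, p-2]."""
    return isinstance(y, int) and 2 <= y <= p - 2


def in_prime_order_subgroup(y, p=P, q=Q):
    """Stricter check for safe-prime groups: y must also have order q."""
    return acceptable_public_value(y, p) and pow(y, q, p) == 1


def derive_secret(peer_public, private, validate=True, p=P):
    """Compute peer_public^private mod p, refusing degenerate peer values."""
    if validate and not acceptable_public_value(peer_public, p):
        raise ValueError("degenerate DH public value rejected")
    return pow(peer_public, private, p)


def reachable_secrets(received, p=P, exponents=range(2, 202)):
    """Every secret an honest party could end up with for one received value."""
    return {pow(received, x, p) for x in exponents}


def handshake(a, b, substitute=None, validate=True):
    """Run the g^a / g^b exchange; `substitute` models a value swapped in transit."""
    ga, gb = pow(G, a, P), pow(G, b, P)
    to_bob = ga if substitute is None else substitute
    to_alice = gb if substitute is None else substitute
    return (derive_secret(to_alice, a, validate),
            derive_secret(to_bob, b, validate))


if __name__ == "__main__":
    print("honest:", handshake(123, 456))
    print("swapped, unchecked:", handshake(123, 456, substitute=1, validate=False))
    for bad in (0, 1, P - 1):
        print(bad, "->", sorted(reachable_secrets(bad)))
```

Without the check, a received value of 0, 1 or P-1 pins the derived secret to at most two possibilities regardless of the private exponent; with the check, the handshake aborts instead.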

