Damien Miller wrote:
> OTOH Racoon/ipsec-tools would benefit from the extra sanity checks
> that Ben Laurie added to OpenSSL for the 0.9.8a release[3], assuming
> it was compiled against that version or later.
I have to say that Nick Mathewson should get all the credit for this, I
was merely a fac

Nate Lawson <[EMAIL PROTECTED]> writes:
>All this attack allows is for one side of a DH exchange to intentionally
>downgrade the security,
You've forgotten Hanlon's razor, "Never attribute to malice that which can be
adequately explained by stupidity". So the comment should really be:
All thi

On Wed, 19 Sep 2007, Nash Foster wrote:
> http://labs.musecurity.com/2007/09/18/widespread-dh-implementation-weakness/
>
> Any actual cryptographers care to comment on this? I don't feel
> qualified to judge.
I "discovered" this minor weakness in most of the open source IPSec
implementations in

Sidney Markowitz wrote, On 21/9/07 8:24 AM:
> Ben Laurie wrote, On 21/9/07 1:34 AM:
>> "Entity i cannot be coerced into sharing a key with entity j without i’s
>> knowledge, ie, when i believes the key is shared with some entity l != j."
>
> The "without i's knowledge" part is critical to the argu

Ivan Krstic
> ... But hey, if the peer is malicious or compromised to begin with,
> it could just as well do DH normally and explicitly send the secret
> to the listener when it's done. Not much to see here.
But it gets more interesting if the endpoints are not completely and
solely controlled b