Re: Fwd: Tor security advisory: DH handshake flaw

2005-08-31 Thread Simon Josefsson
Ben Laurie [EMAIL PROTECTED] writes: Simon Josefsson wrote: No, the certificate is verifiable in deterministic polynomial time. The test is probabilistic, though, but as long as it works, I don't see why that matters. However, I suspect the ANSI X9.80 or ISO 18032 paths are more promising.

Re: Fwd: Tor security advisory: DH handshake flaw

2005-08-31 Thread Werner Koch
On Mon, 29 Aug 2005 17:32:47 +0200, Simon Josefsson said: which are Fermat pseudoprime in every base. Some applications, e.g. Libgcrypt used by GnuPG, use Fermat tests, so if you have control of the random number generator, I believe you could make GnuPG believe it has found a prime when it

Re: Another entry in the internet security hall of shame....

2005-08-31 Thread Ian G
James A. Donald wrote: -- From: [EMAIL PROTECTED] (Peter Gutmann) TLS-PSK fixes this problem by providing mutual authentication of client and server as part of the key exchange. Both sides demonstrate proof-of-possession of the password (without actually communicating

Re: MD5 Collision, Visualised

2005-08-31 Thread Dan Kaminsky
Ben Laurie wrote: I wrote some code to show the internal state of MD5 during a collision... http://www.shmoo.com/md5-collision.html Cheers, Ben. Ben-- http://www.doxpara.com/md5_anim.gif Thpt ;) (That being said -- I do like your output. Very nice.) --Dan

Re: Another entry in the internet security hall of shame....

2005-08-31 Thread Victor Duchovni
On Wed, Aug 31, 2005 at 01:44:25PM +0100, Ian G wrote: Not only is there this distance, it is duplicated across all languages and all the different auth regimes and also for homegrown password auth, over every application! I'd wonder if given these barriers it will ever be possible to get

Re: Another entry in the internet security hall of shame....

2005-08-31 Thread James A. Donald
From: -- From: Stephan Neuhaus [EMAIL PROTECTED] If I have understood the draft correctly, using PSKs means that the server and the client have a shared secret that they must communicate securely beforehand, and that they use some form of ZKP to assure the other