1993-07-18 - Re: Diffie-Hellman Weakness Weakness
Header Data
From: jpp@markv.com
To: diffie@eng.sun.com
Message Hash: a1db11d5ec235bdce7981e0b591f731fc8a3b43699b599521958cd3118fd71a2
Message ID: <9307181614.aa18663@hermix.markv.com>
Reply To: <9307181700.AA08369@netcom4.netcom.com>
UTC Datetime: 1993-07-18 23:15:08 UTC
Raw Date: Sun, 18 Jul 93 16:15:08 PDT
Raw message
From: jpp@markv.com
Date: Sun, 18 Jul 93 16:15:08 PDT
To: diffie@eng.sun.com
Subject: Re: Diffie-Hellman Weakness Weakness
In-Reply-To: <9307181700.AA08369@netcom4.netcom.com>
Message-ID: <9307181614.aa18663@hermix.markv.com>
MIME-Version: 1.0
Content-Type: text/plain
If you compare the digital interceptor, to the voice interceptor,
fairly, you will see they are in equally strong positions.
When I am phoneing a person I know, I am automatically checking the
`signature' of their voice. The other party on the line might be able
to convince me they have a cold, but I hope I will have enough wisdom
to postpone discussing the March 15th assassination plot untill the
cold clears up.
So we should compare a voice interceptor on a channel where the two
people don't know each other's voice to the unsigned digital
interceptor. In this case, the interceptor can claim to one party to
be the other party, and remain undetected. This is the Diffe-Helman
weakness.
Alternatively we should compare the voice interceptor on a channel
where the two people do know each other's voice to the signed digital
interceptor. In this case, the interceptor will either be detected
should some minimal authentication and verification be tried, or the
interceptor will be unable to even listen in. The weakness remains
here, but it has been patched over with authentication, and signed
verification of the channel key. This is the Diffe-Helman weakness
weakness.
The (potential) interceptor is the reason why we must be so very
carefull when validating other people's public keys. I know there is
no interceptor between me and the people who's keys I sign. If I can
be sure of no interceptors between one of them, and the person I wish
to speak to, then I will be able to establish a secure channel.
BTW props (respect, and thanks) to Diffe for his work creating this
fascinating field of mathematics and cryptography.
j'
--
O I am Jay Prime Positive jpp@markv.com
1250 bit key fingerprint = B8 95 E0 AF 9A A2 CD A5 89 C9 F0 FE B4 3A 2C 3F
524 bit key fingerprint = 8A 7C B9 F2 D5 46 4D ED 66 23 F1 71 DE FF 51 48
Public keys by `finger jpp @hermix.markv.com' or pgp-public-keys@pgp.mit.edu
Your feedback is welcome, directly or via symbol JPP on hex@sea.east.sun.com
Thread
Return to July 1993
- Return to “jpp@markv.com”
- Return to “norm@netcom.com (Norman Hardy)”
Return to ““Perry E. Metzger” <pmetzger@lehman.com>”
- 1993-07-18 (Sun, 18 Jul 93 09:59:58 PDT) - Diffie-Hellman Weakness Weakness - norm@netcom.com (Norman Hardy)
- 1993-07-18 (Sun, 18 Jul 93 16:15:08 PDT) - Re: Diffie-Hellman Weakness Weakness - jpp@markv.com
- 1993-07-19 (Mon, 19 Jul 93 09:45:24 PDT) - Re: Diffie-Hellman Weakness Weakness - “Perry E. Metzger” <pmetzger@lehman.com>
- 1993-07-18 (Sun, 18 Jul 93 16:15:08 PDT) - Re: Diffie-Hellman Weakness Weakness - jpp@markv.com