1994-02-09 - Re: Some stuff about Diffie-Hellman (and more :-)

Header Data

From: "Perry E. Metzger" <pmetzger@lehman.com>
To: rcain@netcom.com (Robert Cain)
Message Hash: 5b08985ae48c956bb8d71b7fe55008e815dc85284e19b224276f3b55f642e707
Message ID: <199402090045.TAA09810@snark>
Reply To: <199402090016.QAA22965@mail.netcom.com>
UTC Datetime: 1994-02-09 01:02:12 UTC
Raw Date: Tue, 8 Feb 94 17:02:12 PST

Raw message

From: "Perry E. Metzger" <pmetzger@lehman.com>
Date: Tue, 8 Feb 94 17:02:12 PST
To: rcain@netcom.com (Robert Cain)
Subject: Re: Some stuff about Diffie-Hellman (and more :-)
In-Reply-To: <199402090016.QAA22965@mail.netcom.com>
Message-ID: <199402090045.TAA09810@snark>
MIME-Version: 1.0
Content-Type: text/plain



Robert Cain says:
> Perry E. Metzger sez:
> > 
> > Indeed, a paper has been published on how to break Sun Secure RPC
> > based on the idiotic decision by someone at Sun to standardise the
> > modulus used. It is basically a matter of precomputing a lot of data
> > based on the numbers which allows you to break any particular discrete
> > log in that field on the fly. The suggestion by Mr. Cain to use a
> > single generator and modulus for all traffic is astonishingly naive.
> 
> Now wait a minute, Perry.  If a device is going to use other than a
> set of known moduli or even just one, how are two devices going to each
> know what the other is using without a listener knowing?

You don't care if a listener hears the information on the modulus and
generator. It doesn't matter. You can broadcast it in the clear.

The point I was making was that if you always use the same modulus the
attacker can expend the effort to attack your modulus just once and
can then crack individual D-H sessions trivially. If you change each
time, you can't be attacked in this way.

.pm
