From: Andrew Lowenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Wed, 18 Jan 95 13:51:11 PST
To: jalicqui@prairienet.org (Jeff Licquia)
Subject: Re: EE Times on PRZ
Message-ID: <9501182146.AA03035@ch1d157nwk>
MIME-Version: 1.0
Content-Type: text/plain


jalicqui@prairienet.org (Jeff Licquia) wrote:
>  It was my impression that DH had a further weakness not related to
>  the difficulty of the hard problem.  As my copy of Schneider is at
>  home, I must defer to ignorance at this point.

My understanding is that once you do the computation to solve a DH exchange   
you can use that information to easily solve any exchange under the same  
generator and modulus.  So it's important to at least use large enough  
numbers to make this unfeasable.  I think it was Suns SecureRPC that shipped  
with a fixed (and not big enough) generator and modulus and was not secure  
(assuming someone had already done the pre-computation).  Maybe this is what  
you were thinking of?

As always, proper generation of components is an important consideration in  
implementing public-key systems.


andrew