Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

DH exchange: conspiracy or ignorance?

From: elebanidze at cigital.com (Evgeny Lebanidze)
Date: Wed, 19 Sep 2007 11:31:40 -0400
Yes, this is certainly bad and a very interesting finding.  These checks should clearly be present.  Are there serious 
practical ramifications of this problem though?  In other words, how likely is it that the generated public key in the 
DH key exchange will actually be 0 or 1?  It can certainly happen, but our passive attacker would have to be passive 
for a very long time and there is no guarantee that the secret key they might eventually get will be of interest to 
them (since the attacker cannot control when a weak public key is produced).  Just a thought.

Evgeny

-------------------------------------------------
Evgeny Lebanidze
Senior Security Consultant, Cigital
703-585-5047, http://www.cigital.com
Software Confidence.  Achieved.


-----Original Message-----
From: sc-l-bounces at securecoding.org [mailto:sc-l-bounces at securecoding.org] On Behalf Of Kowsik
Sent: Wednesday, September 19, 2007 1:24 AM
To: SC-L at securecoding.org
Subject: [SC-L] DH exchange: conspiracy or ignorance?

http://labs.musecurity.com/2007/09/18/widespread-dh-implementation-weakness/

K.

ps: I work for Mu.
_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
Previous By Date Next
Previous By Thread Next

Current thread: