On Sep 19, 2007, at 5:01 PM, Nash Foster wrote:
Any actual cryptographers care to comment on this? I don't feel qualified to judge.
If the affected software is doing DH with a malicious/compromised peer, the peer can make it arrive at a predictable secret -- which would be known to some passive listener. But hey, if the peer is malicious or compromised to begin with, it could just as well do DH normally and explicitly send the secret to the listener when it's done. Not much to see here.
-- Ivan Krstić <[EMAIL PROTECTED]> | http://radian.org --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
