[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
HCR for key negotiation
- To: or-talk@xxxxxxxxxxxxx
- Subject: HCR for key negotiation
- From: "Watson Ladd" <watsonbladd@xxxxxxxxx>
- Date: Tue, 2 May 2006 19:07:56 -0400
- Delivered-to: email@example.com
- Delivered-to: firstname.lastname@example.org
- Delivered-to: email@example.com
- Delivery-date: Tue, 02 May 2006 19:08:06 -0400
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type; b=Ni30kqlqR7jaA2gdMyBV2/lGY2CiMl8LUL/xY2gl3CyFOuR96plU+i0SE3JsEHC0IPKWF1nBDodzFJpGUpdEAfodUJVZkt5tJ03EnENX3r4Eru56h/uA1NJ+Z5KFSXpXMj4V2P2BHUdQzmMiwBJhnF1fOKFm9EYSzSILleeGZuM=
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
First some background:
The NSA's Suit B uses a key negotiation mutual authentication method MQV. This method was found to be insecure, and so HMQV was created. HMQV uses a signature protocol called HCR twice in one exchange to generate a key. HCR can prove identy of one endpoint and negotiate a key in a two message exchange with great efficiency for both sides.
In Tor the current key generation method is quite expensive. Would it be possible to change to HCR to improve efficency?
"Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin