[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Question about the CREATE cell and circuit setup



-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

I have a very quick question. While reading the DH handshake flaw post,
 I noticed that the DH handshake is done by first decrypting g^x to
Bob's PK before sending (E_{Bob}(g^x)). The tor spec document says:
The payload for a CREATE cell is an 'onion skin', which consists of the
first step of the DH handshake data (also known as g^x).
The data is encrypted to Bob's PK...

Why is this? Why not send g^x in the clear? Isn't the point of DH that
you don't need encryption during the key agreement stage? Shouldn't we
be able to send g^x in the clear? The extra encryption step does not
seem to get us anything (other than heat from the CPU cycles).
Please let me know if I'm missing something - I would be happy to be
shown wrong! :)
Thanks,
Eugene

- --
Eugene Y. Vasserman
http://www.cs.umn.edu/~eyv/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDBXLT4S3hfPlRZlkRA6NKAJ40uYx3Fo6eh0FbIFsmaJVB/u7rXwCdHvAb
B5dHWv0L0aC5s1TS6Fejqbw=
=Ep0y
-----END PGP SIGNATURE-----