[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Question about the CREATE cell and circuit setup
- To: or-dev@xxxxxxxxxxxxx
- Subject: Question about the CREATE cell and circuit setup
- From: "Eugene Y. Vasserman" <eyv@xxxxxxxxxx>
- Date: Fri, 19 Aug 2005 00:49:08 -0500
- Delivered-to: archiver@seul.org
- Delivered-to: or-dev-outgoing@seul.org
- Delivered-to: or-dev@seul.org
- Delivery-date: Fri, 19 Aug 2005 01:48:39 -0400
- Openpgp: url=https://keyserver.pgp.com/vkd/DownloadKey.event?keyid=0xE12DE17CF9516659
- Organization: University of Minnesota
- Reply-to: or-dev@xxxxxxxxxxxxx
- Sender: owner-or-dev@xxxxxxxxxxxxx
- User-agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
I have a very quick question. While reading the DH handshake flaw post,
I noticed that the DH handshake is done by first decrypting g^x to
Bob's PK before sending (E_{Bob}(g^x)). The tor spec document says:
The payload for a CREATE cell is an 'onion skin', which consists of the
first step of the DH handshake data (also known as g^x).
The data is encrypted to Bob's PK...
Why is this? Why not send g^x in the clear? Isn't the point of DH that
you don't need encryption during the key agreement stage? Shouldn't we
be able to send g^x in the clear? The extra encryption step does not
seem to get us anything (other than heat from the CPU cycles).
Please let me know if I'm missing something - I would be happy to be
shown wrong! :)
Thanks,
Eugene
- --
Eugene Y. Vasserman
http://www.cs.umn.edu/~eyv/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDBXLT4S3hfPlRZlkRA6NKAJ40uYx3Fo6eh0FbIFsmaJVB/u7rXwCdHvAb
B5dHWv0L0aC5s1TS6Fejqbw=
=Ep0y
-----END PGP SIGNATURE-----