Re: Speaking of cryptography
So when I look at the reflections, I mean that at present 
there is no reason for concern, which may be made MIM. 
This is because an additional authentication takes place. 
But it would be a safe level if one uses the JFK protocol,
or the improved MQV, as it was presented in the http://www.onion-router.net/Publications.html#dh-tor paper.
Have I correctly understood it?
Regards
On Wed 06/01/10  3:11 PM , Paul Syverson syverson@xxxxxxxxxxxxxxxx sent:
> On Wed, Jan 06, 2010 at 03:44:32AM -0500, Roger Dingledine wrote:
> > On Tue, Jan 05, 2010 at 11:26:36PM +0100, moris blues wrote:
> > > i red about: Speaking of cryptography,
> > > check for bad values of g^x, g^y...
> > >
> > > apparently is a MIM-attack to the DH available.
> > > What options are there to protect themselves against.
> >
> > I assume you're talking about
> > http://archives.seul.org/or/announce/Aug-2005/msg00002.html
> >
> > You should also read
> > http://freehaven.net/anonbib/#tap:pet2006
> >
> > > It still is the possibility to use the MQV HMQV protocol.
> > >
> > > My question then is why it is not used.
> > > Is it possible to implement the MQV as a substitute for DH?
> >
> > No idea. Somebody clueful in crypto would have to figure that one out,
> > and then convince somebody that's both clueful in crypto and well-known
> > in the Tor community to believe it.
> >
> > Writing it up as a research paper and getting it published would be the
> > best approach. Writing it up as a Tor proposal and including a thorough
> > security/performance/transition analysis might work too. Identifying
> > further problems in the current approach would encourage us to switch
> > faster.
> >
> 
> As a start on that research: we published some advantages of an
> MQV-like protocol in "Improving Efficiency and Simplicity of Tor
> circuit establishment and hidden services"
> http://www.onion-router.net/Publications.html#dh-tor
> Though we mention reasons to be hopeful about its security
> we have not done an actual security proof yet (which I'll get to in
> my copious free time), without which it is of course not to be
> recommended for use in deployed Tor or perhaps even for more detailed
> design exploration than we have already done.
> 
> aloha,
> Paul 
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/
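
The "check for bad values of g^x, g^y" named in the quoted thread, shown as an added example that is not part of the original messages and is not Tor's code: a receiver rejects any Diffie-Hellman public value outside [2, p-2], because 0, 1, p-1 and out-of-range values that reduce to them leave the shared secret in a tiny known set whatever the honest side's private exponent is. The toy prime `P`, generator `G` and all function names are constructed for illustration.

```python
import secrets

# Constructed toy parameters: 2879 is a small safe prime (2879 = 2*1439 + 1).
# Real deployments use a standardized group of 1024 bits or more.
P = 2879
G = 2


def is_degenerate(pub: int, p: int = P) -> bool:
    """True if a received g^x / g^y lies outside [2, p-2] and must be rejected."""
    return not (2 <= pub <= p - 2)


def shared_secret(peer_pub: int, my_priv: int, p: int = P) -> int:
    """Compute g^xy only after validating the peer's public value."""
    if is_degenerate(peer_pub, p):
        raise ValueError("degenerate DH public value rejected")
    return pow(peer_pub, my_priv, p)


def unchecked_outcomes(peer_pub: int, p: int = P, trials: int = 200) -> set:
    """Secrets a receiver WITHOUT the check would derive, sampled over
    many random private exponents in [2, p-2]."""
    return {pow(peer_pub, secrets.randbelow(p - 3) + 2, p) for _ in range(trials)}


if __name__ == "__main__":
    # Constructed bad inputs: 0, 1, p-1, and values >= p that reduce to 0 and 1.
    for bad in (0, 1, P - 1, P, P + 1):
        print(f"peer value {bad:5d}: unchecked secret is always in "
              f"{sorted(unchecked_outcomes(bad))}, rejected={is_degenerate(bad)}")

    # An honest exchange with fixed sample exponents passes the check
    # and both sides agree on the secret.
    a, b = 123, 456
    A, B = pow(G, a, P), pow(G, b, P)
    print("honest secrets match:", shared_secret(B, a) == shared_secret(A, b))
```

The range check only removes the degenerate values; it does not authenticate the peer, which is the separate concern the thread discusses.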