[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
HCR for key negotiation
- To: or-talk@xxxxxxxxxxxxx
- Subject: HCR for key negotiation
- From: "Watson Ladd" <watsonbladd@xxxxxxxxx>
- Date: Tue, 2 May 2006 19:07:56 -0400
- Delivered-to: archiver@seul.org
- Delivered-to: or-talk-outgoing@seul.org
- Delivered-to: or-talk@seul.org
- Delivery-date: Tue, 02 May 2006 19:08:06 -0400
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type; b=Ni30kqlqR7jaA2gdMyBV2/lGY2CiMl8LUL/xY2gl3CyFOuR96plU+i0SE3JsEHC0IPKWF1nBDodzFJpGUpdEAfodUJVZkt5tJ03EnENX3r4Eru56h/uA1NJ+Z5KFSXpXMj4V2P2BHUdQzmMiwBJhnF1fOKFm9EYSzSILleeGZuM=
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
First some background:
The NSA's Suit B uses a key negotiation mutual authentication method MQV. This method was found to be insecure, and so HMQV was created. HMQV uses a signature protocol called HCR twice in one exchange to generate a key. HCR can prove identy of one endpoint and negotiate a key in a two message exchange with great efficiency for both sides.
In Tor the current key generation method is quite expensive. Would it be possible to change to HCR to improve efficency?
--
"Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin