[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Speaking of cryptography
So when I look at the reflections, I mean that at present
there is no reason for concern, which may be made MIM.
This is because an additional authentication takes place.
But it would be a safe level, if one uses the JFK protocol would,
or the improved MQV, as it was presented in the http://www.onion-router.net/Publications.html#dh-tor paper.
Have I correctly understood it?
Regards
On Wed 06/01/10 3:11 PM , Paul Syverson syverson@xxxxxxxxxxxxxxxx sent:
> On Wed, Jan 06, 2010 at 03:44:32AM -0500, Roger Dingledine wrote:
> > On Tue, Jan 05, 2010 at 11:26:36PM +0100, moris
> blues wrote:> > i red about: Speaking of
> cryptography,> > check for bad values of g^x,
> g^y...> >
> > > apparently is a MIM-attack to the DH
> available. > > What options are there to protect
> themselves against. >
> > I assume you're talking about
> > http://archives.seul.org/or/announce/Aug-2005/msg00002.html>
> > You should also read
> > http://freehaven.net/anonbib/#tap:pet2006>
> > > It still is the possibility to use the MQV
> HMQV protocol.> >
> > > My question then is why it is not
> used.> > Is it possible to implement the MQV as a
> substitute for DH?>
> > No idea. Somebody clueful in crypto would have
> to figure that one out,> and then convince somebody that's both clueful
> in crypto and well-known> in the Tor community to believe it.
> >
> > Writing it up as a research paper and getting it
> published would be the> best approach. Writing it up as a Tor proposal
> and including a thorough> security/performance/transition analysis might
> work too. Identifying> further problems in the current approach would
> encourage us to switch> faster.
> >
>
> As a start on that research: we published some advantages of an
> MQV-like protocol in "Improving Efficiency and Simplicity of Tor
> circuit establishment and hidden services"
> http://www.onion-router.net/Publications.html#dh-tor
> Though we mention reasons to be hopeful about its security
> we have not done an actual security proof yet (which I'll get to in
> my copious free time), without which it is of course not to be
> recommended for use in deployed Tor or perhaps even for more detailed
> design exploration than we have already done.
>
> aloha,
> Paul
> ***********************************************************************
> To unsubscribe, send an e-mail to majo
> rdomo@xxxxxxxxxxxxxx withunsubscribe or-talk in the body. http://archives.seul.org/or/talk/
>
>
----
versendet mit www.oleco.de Mail - Anmeldung und Nutzung kostenlos!
Oleco www.netlcr.org - jetzt auch mit Spamschutz.
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/