[18341] in cryptography@c2.net mail archive
Re: Fwd: Tor security advisory: DH handshake flaw
daemon@ATHENA.MIT.EDU (Ben Laurie)
Tue Aug 30 16:00:24 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Tue, 30 Aug 2005 20:17:07 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: Simon Josefsson <jas@extundo.com>
Cc: cryptography@metzdowd.com, astiglic@okiok.com
In-Reply-To: <iluek8c3kvb.fsf@latte.josefsson.org>
Simon Josefsson wrote:
> No, the certificate is verifiable in deterministic polynomial time.
> The test is probabilistic, though, but as long as it works, I don't
> see why that matters. However, I suspect the ANSI X9.80 or ISO 18032
> paths are more promising. I was just tossing out URLs.
Surely Miller-Rabin is polynomial time anyway?
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
