[18346] in cryptography@c2.net mail archive
Re: Fwd: Tor security advisory: DH handshake flaw
daemon@ATHENA.MIT.EDU (Simon Josefsson)
Wed Aug 31 08:54:00 2005
X-Original-To: cryptography@metzdowd.com
From: Simon Josefsson <jas@extundo.com>
To: Ben Laurie <ben@algroup.co.uk>
Cc: cryptography@metzdowd.com, astiglic@okiok.com
Date: Wed, 31 Aug 2005 10:42:41 +0200
In-Reply-To: <4314B0B3.60907@algroup.co.uk> (Ben Laurie's message of "Tue, 30 Aug 2005 20:17:07 +0100")
Ben Laurie <ben@algroup.co.uk> writes:
> Simon Josefsson wrote:
>> No, the certificate is verifiable in deterministic polynomial time.
>> The test is probabilistic, though, but as long as it works, I don't
>> see why that matters. However, I suspect the ANSI X9.80 or ISO 18032
>> paths are more promising. I was just tossing out URLs.
>
> Surely Miller-Rabin is polynomial time anyway?
Yes, but it doesn't produce certificates; the algorithm that I cited
does. The algorithm to _verify_ the certificate was not probabilistic,
only the algorithm to _produce_ the certificates was probabilistic.
Btw, could you describe the threat scenario where you believe this
test would be useful?
Thanks,
Simon
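An added illustration of the distinction drawn in the message above (not code from the thread or from any of its participants): a primality certificate whose production is randomised but whose verification is a fixed, deterministic computation, beside the Miller-Rabin test, which is polynomial time but hands a third party nothing to re-check. Pratt certificates are assumed here as the certificate format; the message does not name the algorithm Simon cited.

```python
import random

def miller_rabin(n, rounds=20, rng=random):
    # Probabilistic: False is definite, True only means "probably prime".
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x not in (1, n - 1) and all(
                pow(x, 2 ** i, n) != n - 1 for i in range(1, s)):
            return False
    return True

def prime_factors(m):
    # Trial division; fine for the small n used here.
    out, p = [], 2
    while p * p <= m:
        if m % p == 0:
            out.append(p)
            while m % p == 0:
                m //= p
        p += 1
    return out + ([m] if m > 1 else [])

def make_certificate(n, rng=random):
    # Pratt certificate (n, g, sub-certificates for the primes q | n-1); n is
    # assumed prime. The search for g is randomised, so production is probabilistic.
    if n == 2:
        return (2, None, [])
    qs = prime_factors(n - 1)
    while True:
        g = rng.randrange(2, n)
        if all(pow(g, (n - 1) // q, n) != 1 for q in qs):
            return (n, g, [make_certificate(q, rng) for q in qs])

def verify_certificate(cert):
    # Deterministic (Lucas' theorem): fixed exponentiations, no randomness.
    n, g, subs = cert
    if n == 2:
        return g is None and subs == []
    m = n - 1
    for q, _, _ in subs:
        if m % q or pow(g, (n - 1) // q, n) == 1:
            return False
        while m % q == 0:
            m //= q
    return m == 1 and pow(g, n - 1, n) == 1 and all(map(verify_certificate, subs))
```

A verifier that only ever runs `verify_certificate` never needs a random source, which is the property that lets the certificate be checked by anyone, in deterministic polynomial time, without trusting whoever produced it.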
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com