[8854] in cryptography@c2.net mail archive


Re: Starium (was Re: article: german secure phone)

daemon@ATHENA.MIT.EDU (Paul Crowley)
Thu Jun 14 17:35:19 2001

To: codehead@ix.netcom.com
Cc: <cryptography@wasabisystems.com>
From: Paul Crowley <paul@cluefactory.org.uk>
Date: 14 Jun 2001 14:50:20 +0100
In-Reply-To: codehead@ix.netcom.com's message of "Mon, 4 Jun 2001 11:44:03 -0700"
Message-ID: <87d787b277.fsf@saltationism.subnet.hedonism.cluefactory.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

codehead@ix.netcom.com writes:
> In the spring of 1999, at the request of a VC, I went to a garage.com
> meeting where one of the Starium versions was demonstrated.  At
> the time it was "a bump in the line" version, but instead of having a 
> "green light" indicator, there was a 4-digit LCD display.
> 
> Eric Blossom said that the display showed the last four digits of the 
> Diffie-Hellman key that was negotiated at the start of conversation.  
> The participants in the conversation could read the digits off and 
> confirm that there had not been a MITM attack.

This is only secure if all parties are forced to commit to the DH
information they're going to send before they send it.  Otherwise,
it's trivial to collect g^x_1, g^y_2 from the two parties, then
generate y_1, x_2 s.t. the resulting g^{x_1 y_1}, g^{x_2 y_2} collide
in the last four digits by trying about a hundred candidates for each
in a birthday attack.
-- 
  __  Paul Crowley
\/ o\ sig@paul.cluefactory.org.uk
/\__/ http://www.cluefactory.org.uk/paul/
"Conservation of angular momentum makes the world go around" - John Clark



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
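
Why the commitment in the reply above matters, as an added example that is not part of the original message: with four-digit check values, a party that sees both public values before choosing its own needs only on the order of a hundred candidates per side for the two legs to agree, whereas a hash commitment sent first pins each value before the other is seen. The prime, generator, SHA-256 commitment and all function names are assumptions chosen for illustration, not Starium's design.

```python
import hashlib
import random

# Constructed toy parameters (assumptions, not Starium's): 127-bit prime, g = 3.
P, G = 2**127 - 1, 3

def check_digits(shared: int) -> str:
    """Four-digit value each party reads aloud: last four decimal digits."""
    return f"{shared % 10_000:04d}"

def commit(pub: int) -> bytes:
    """Hash commitment to a DH public value, sent before the value itself."""
    return hashlib.sha256(pub.to_bytes(16, "big")).digest()

def reveal_ok(commitment: bytes, pub: int) -> bool:
    """Receiver's check: the revealed value must match the earlier commitment."""
    return commit(pub) == commitment

def matching_cost(pub_a: int, pub_b: int, rng: random.Random) -> tuple[int, int, int]:
    """Without commitment: count candidates per side until the two legs'
    check digits agree. Returns (y1, x2, candidates tried per side)."""
    left, right = {}, {}          # check digits -> exponent, one table per leg
    tried = 0
    while True:
        tried += 1
        y1, x2 = rng.randrange(2, P - 1), rng.randrange(2, P - 1)
        da, db = check_digits(pow(pub_a, y1, P)), check_digits(pow(pub_b, x2, P))
        left[da], right[db] = y1, x2
        for d in (da, db):
            if d in left and d in right:
                return left[d], right[d], tried

def demo(seed: int = 1) -> dict:
    rng = random.Random(seed)     # seeded only so the demo is repeatable
    x1, y2 = rng.randrange(2, P - 1), rng.randrange(2, P - 1)
    pub_a, pub_b = pow(G, x1, P), pow(G, y2, P)
    y1, x2, tried = matching_cost(pub_a, pub_b, rng)
    c = commit(pub_a)             # sent before the other side's value is seen
    return {
        "tried_per_side": tried,
        "digits_a": check_digits(pow(pub_a, y1, P)),
        "digits_b": check_digits(pow(pub_b, x2, P)),
        "honest_reveal": reveal_ok(c, pub_a),
        "swapped_reveal": reveal_ok(c, pow(G, y1, P)),
    }

if __name__ == "__main__":
    print(demo())
```

With the commitment in place, each value is fixed before the peer's value is known, so the search in `matching_cost` has nothing to iterate over and a match on the four digits happens only by chance, about 1 in 10,000.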
