[13979] in Cypherpunks

home help back first fref pref prev next nref lref last post

Re: D-H key exchange - how does it work?

daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Fri May 20 13:07:00 1994

To: hughes@ah.com (Eric Hughes)
Cc: cypherpunks@toad.com
In-Reply-To: Your message of "Fri, 20 May 1994 09:55:36 PDT."
             <9405201655.AA11052@ah.com> 
Reply-To: perry@imsi.com
Date: Fri, 20 May 1994 12:59:22 -0400
From: "Perry E. Metzger" <perry@imsi.com>


Eric Hughes says:
>    > In addition, changing the modulus can have unpleasant effects on
>    > traffic analysis, if not done properly.
> 
>    Of what sort?
> 
> For D-H, the modulus must be transmitted in the clear.  Unless you use
> a different modulus for each conversation, there is a persistency to
> the moduli that gives rise to a pseudo-identity.

You don't HAVE to transmit the modulus in the clear. Its often
worthwhile to use D-H for key exchange even if both sides know the
other's RSA public keys. Why? Because then the keys used for
conventional session encryption need not be compromised for historical
traffic even if the RSA keys are later compromised.

Perry

home help back first fref pref prev next nref lref last post