[45178] in Cypherpunks
Re: Timing Cryptanalysis Attack
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Mon Dec 11 13:51:10 1995
To: Eric Young <eay@mincom.oz.au>
Cc: cypherpunks@toad.com
In-Reply-To: Your message of "Mon, 11 Dec 1995 19:40:14 +1000."
<Pine.SOL.3.91.951211192419.28608P-100000@orb>
Reply-To: perry@piermont.com
Date: Mon, 11 Dec 1995 13:13:34 -0500
From: "Perry E. Metzger" <perry@piermont.com>
Eric Young writes:
> Read the SKIP spec (SKIP is Sun's IP level encryption protocol). It uses
> Diffie-Hellman certificates.
Photuris, which likely will be the standard way to do this sort of
thing on top of IPsec, also suffers from the problem, but I suspect
the next version of the draft (number 9) will have it fixed.
More interesting is the fact that a number of NSA vetted protocols
seem to have the flaw. Obviously, they either didn't know or didn't
say anything about it to the folks designing such stuff...
Perry