[OTR-users] What type of encryption?
CLAY SHENTRUP
CLAY at BROKENLADDER.COM
Sat Mar 25 00:12:36 EST 2006
On 3/24/06, Gregory Maxwell <gmaxwell at gmail.com> wrote:
>
> On 3/24/06, CLAY SHENTRUP <CLAY at brokenladder.com> wrote:
> > This is probably a stupid question, but if DH was profoundly less secure
> > than expected, and a passive attacker Eve could therefore calculate the
> > shared secret of Bob and Alice, how would it help that Bob and Alice have
> > another way to verify that they have the same secret?
>
> Verify they had the same?
> No. If DH was profoundly less secure than expected a passive attacker
> could read the traffic. There would be no detection.
This is precisely what I said.
> If the secret were further combined with another key established via
> some other means, then yes, security would be improved against a
> failure of DH. However, if DH was weak, security would depend solely
> on this extra secret material; unless this extra secret were derived
> through a method similar to DH, we would then lose most of the cool OTR
> properties in the event of a DH break...
I'm talking here about the Socialist Millionaire problem...about a fair
method for two parties to determine whether they have the same secret. My
question is, how does it help against a failure of DH. Did you read the
quoted text I was responding to???
CLAY