[OTR-users] What type of encryption?

CLAY SHENTRUP CLAY at BROKENLADDER.COM
Sat Mar 25 00:12:36 EST 2006


On 3/24/06, Gregory Maxwell <gmaxwell at gmail.com> wrote:
>
> On 3/24/06, CLAY SHENTRUP <CLAY at brokenladder.com> wrote:
> > This is probably a stupid question, but if DH was profoundly less secure
> > than expected, and a passive attacker Eve could therefore calculate the
> > shared secret of Bob and Alice, how would it help that Bob and Alice have
> > another way to verify that they have the same secret?
>
> Verify they had the same?
> No.  If DH was profoundly less secure than expected a passive attacker
> could read the traffic. There would be no detection.


This is precisely what I said.

> If the secret were further combined with another key established via
> some other means, then yes, security would be improved against a
> failure of DH.   However, if DH was weak, security would depend solely
> on this extra secret material, unless this extra secret were derived
> through a method similar to DH, we would then lose most of the cool OTR
> properties in the event of a DH break...


I'm talking here about the Socialist Millionaire problem...about a fair
method for two parties to determine whether they have the same secret.  My
question is, how does it help against a failure of DH.  Did you read the
quoted text I was responding to???

CLAY