[Operators] IM Observatory and Diffie-Hellman parameters

Thijs Alkemade thijs at xnyhps.nl
Wed Nov 13 22:58:25 UTC 2013


On 13 nov. 2013, at 23:46, Dave Cridland <dave at cridland.net> wrote:

> On Wed, Nov 13, 2013 at 10:41 PM, Thijs Alkemade <thijs at xnyhps.nl> wrote:
> 
> On 13 nov. 2013, at 19:21, Dave Cridland <dave at cridland.net> wrote:
> 
>> To decrypt all communications using 1024-bit DH over a year is likely to be vastly bigger than for one conversation; the same isn't true for RSA, for example, where you could solve the private key once.
> 
> This got me pondering, and I'm not quite convinced this is true. It's a bit
> late, so sorry if what I'm saying has some cryptographic errors.
> 
> A naive brute-force attack on a DH key exchange would try g^1, g^2, g^3, ...
> to try to find either the exponent used by the server or the one used by the
> client. Assuming the DH group is the same, doing this for one key or for two
> or more keys at the same time should not take that much more time (I'd expect
> the multiplication by g to dominate the comparisons).
> 
> 
> Ah, so you're suggesting a brute-force attack against multiple parallel DH uses of the same key would be cost-effective?
> 
> That's interesting, and if you're right - and you may well be - then I'm certainly quite wrong here.
> 
> I've copied the security@ list on this one, where wiser minds than me hang out.

Not the same key - just multiple keys generated using the same DH group.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/operators/attachments/20131113/c41f5d58/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.jabber.org/pipermail/operators/attachments/20131113/c41f5d58/attachment.pgp>


More information about the Operators mailing list