[1433] in cryptography@c2.net mail archive
Re: Diffie Hellman timings
daemon@ATHENA.MIT.EDU (Phil Karn)
Sat Sep 6 19:34:01 1997
Date: Sat, 6 Sep 1997 15:58:50 -0700 (PDT)
From: Phil Karn <karn@qualcomm.com>
To: frantz@netcom.com
CC: cryptography@c2.net, coderpunks@toad.com, frantz@communities.com,
karn@qualcomm.com
In-reply-to: <v0300782ab0360ce85d81@[207.94.249.183]> (message from Bill
Frantz on Fri, 5 Sep 1997 12:24:43 -0700)

I made the exact same suggestion several years ago. At the time,
nobody seemed to have a good answer. Diffie and Hellman both thought
that making the secret exponent at least double the length of the
eventual shared key should be safe from birthday attacks, but they
emphasized this was mostly intuition. I didn't follow up on the issue,
so I don't know if there have been any harder results since.

Phil
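
Added example, not part of the message above: a baby-step giant-step search on a toy group, showing that a b-bit secret exponent is recovered in about 2^(b/2) group operations regardless of the modulus size, which is the square-root ("birthday") bound behind the double-length rule of thumb. The prime, the base and the function name are assumptions chosen for illustration.

```python
import secrets

# Toy parameters, constructed for illustration only (far too small for real use).
P = 2**61 - 1   # Mersenne prime used as the modulus (assumption)
G = 3           # base (assumption; not claimed to generate the whole group)

def bsgs_short_exponent(h, bits, p=P, g=G):
    """Find x in [0, 2**bits) with pow(g, x, p) == h by baby-step giant-step.

    Returns (x, multiplications). Time and memory are about 2**(bits/2),
    set by the exponent length, not by the size of p.
    """
    m = 1 << ((bits + 1) // 2)       # m*m >= 2**bits
    table = {}
    cur, mults = 1, 0
    for j in range(m):               # baby steps: store g**j -> j
        table.setdefault(cur, j)
        cur = cur * g % p
        mults += 1
    step = pow(g, -m, p)             # g**(-m) mod p (Python 3.8+)
    gamma = h
    for i in range(m):               # giant steps: h * g**(-i*m)
        j = table.get(gamma)
        if j is not None:            # h == g**(i*m + j)
            return i * m + j, mults
        gamma = gamma * step % p
        mults += 1
    return None, mults

if __name__ == "__main__":
    # Each extra 8 bits of exponent costs only about 16x more work.
    for bits in (16, 24, 32):
        x = secrets.randbits(bits)
        found, mults = bsgs_short_exponent(pow(G, x, P), bits)
        ok = pow(G, found, P) == pow(G, x, P)
        print(f"{bits}-bit exponent: recovered={ok} "
              f"multiplications={mults} (bound 2^{bits // 2 + 1})")
```

To aim for k bits of strength against this search, the exponent needs about 2k bits, for example a 256-bit exponent for a 128-bit derived key.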