undefined | Better HN

0 pointstptacek13y ago0 comments

Zero-mod-p was an IPSEC fault, as was subgroup negotiation (but you mentioned NIST groups earlier).

Lots of people have done their own implementations of DH (DH is trivial to implement; it's just a couple lines of Ruby); how many of them do you think caught these flaws?

I have no idea what the utility of the public key is in the system you just described. Public key crypto adds susceptibility to attack; it doesn't ever really spare you from it. Here, you're vulnerable both to attacks on your HMAC verification and to implementation flaws in your more number-theoretic (and way more dangerous) public key code.

0 comments

1 comments · 1 top-level

X-Istence13y ago

Indeed, DH can be difficult to get right if you are not paying attention.

I wish I could go into more specifics for our implementation and what it is we do.

Either way the public/private key stuff is done using various "high" level libraries that make reasonable choices and are audited, so it is not code that we are implementing ourselves, nor is the HMAC. So long as there are no issues in the libraries I should be fairly good.

Thanks for the discussion :-).

j / k navigate · click thread line to collapse