[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Another pothole in ISAKMP/Oakley



OK, but for a Sophie Germaine prime, (g^a)^q = +- 1, so a check for this
is sufficient, as is authentication of the offered exponentials.

I can see adding the +-1 check to the spec, just for belt and suspenders.

The EC group recommended in the original Oakley has a subgroup of order 12;
I suppose that before using it one should be warned to implement the
small group check, again as belt and suspenders.

Hilarie


References: