Re: Small subgroups and ISAKMP/Oakley
John Kennedy writes:
> During X9.42 development discussion it was not necessarily a
> man-in-the-middle that was feared with regards to the small sub-group
> attack. Conceivably, one of the communicating parties could send a
> "bad" public number on purpose. Is this a realistic scenario?
One of the legitimate parties might be a broken implementation that
doesn't correctly check whether it has computed a public exponential
that lies in the small subgroup.
-Lewis
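
The check this message refers to, sketched as an added example that is not part of the original post: a party validates a Diffie-Hellman public value (its own or its peer's) by confirming it lies in the intended prime-order subgroup. The parameters p = 607, q = 101 and all function names are constructed for illustration and are far too small for real use.

```python
# Constructed toy group: p - 1 = 2 * 3 * 101, so subgroups of order 2 and 3
# exist alongside the intended subgroup of prime order q = 101.
P = 607                       # prime modulus
Q = 101                       # prime order of the intended subgroup
G = pow(2, (P - 1) // Q, P)   # generator of the order-Q subgroup


def validate_public_value(y, p=P, q=Q):
    """Accept y only if it is in range and lies in the order-q subgroup."""
    if not 1 < y < p - 1:     # rejects 0, 1 and p-1 (elements of order 1 and 2)
        return False
    return pow(y, q, p) == 1  # true only when the order of y divides q


def small_order_element(r, p=P):
    """Return an element of prime order r, where r divides p - 1."""
    for h in range(2, p):
        e = pow(h, (p - 1) // r, p)
        if e != 1:            # e^r == 1 and e != 1, so e has order exactly r
            return e
    raise ValueError("no element of that order found")


def reachable_secrets(y, p=P, q=Q):
    """Every shared secret y^x mod p over all private exponents x in [1, q-1]."""
    return {pow(y, x, p) for x in range(1, q)}


if __name__ == "__main__":
    good = pow(G, 57, P)            # a correctly computed public value
    bad = small_order_element(3)    # passes the range check, fails the order check
    for label, y in (("good", good), ("bad", bad)):
        print(label, y, validate_public_value(y), len(reachable_secrets(y)))
```

A value that fails the order check confines the shared secret to a handful of possibilities regardless of the private exponent, which is why a range check alone is not sufficient.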