[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Small subgroups and ISAKMP/Oakley



Given the nature of modular exponentiation I would expect the chances of "accidently" generating
such a public number to be pretty small.  In other words, I wouldn't expect there to be much value in
a sender doing this check.  Creating such a public number is something a communicant would do on purpose.  The reason a communicant would do this is because he wants to enable a third party to listen in.  
As far as this being realistic, some argue that it is just as easy for the bad party to just leak the plaintext out to the third party through another channel.

Thus, I think testing of the public number is something that is the responsiblity of the the receiver.

Balancing the risk and cost of doing or not doing most of these different types of checks is something best left to implementors.  Where there is clear value to a check that is easy to do then we should include it as mandatory.  Otherwise, let the implementors make these choices based on the application, value of the information being protected, and the implementation platform.  The more conservative implementors may not get market share due to performance problems, but when their competitor gets raked over the coals because they took a little "shortcut", suddenly the conservative guys look a lot better.  That's what makes this business so much fun. :)

-John

>>> Lewis McCarthy <lmccarth@cs.umass.edu> 04/16/97 07:52PM >>>
John Kennedy writes:
> During X9.42 development discussion it was not necessarily a 
> man-in-the-middle that was feared with regards to the small sub-group 
> attack.  Conceivably, one of the communicating parties could send a 
> "bad" public number on purpose.  Is this a realistic scenario?  

One of the legitimate parties might be a broken implementation that
doesn't correctly check whether it has computed a public exponential 
that lies in the small subgroup. 

-Lewis
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               !