On 06/05/12 01:42, Hubert Kario wrote:
> But it's the size of prime used that sets the security level, which
> just happens to share security evaluation with RSA as far as number
> of bits is concerned (IOW: n-bit DH is considered to be as hard to
> attack as n-bit RSA).

Ah, yes, I misunderstood your point. But the DH protects the session. Cracking DH will get you the session contents. RSA is only used to authenticate. If it weren't for the symmetric encryption of the session, you can probably even get a (plaintext, ciphertext) pair.

I've quickly snooped through the RFCs. RSA is used by the client to sign the "session identifier", which is determined by DH. Determining the (plaintext, ciphertext) pair from RSA gets you nothing in this case. Which is fortunate, because the server you log into also has the (plaintext, ciphertext) pair after you authenticate.

Actually factoring the semiprime is obviously something completely different. But we were talking about keeping confidential messages confidential for decades. There is nothing confidential about an authentication challenge. Confidentiality is encryption. Authentication is a form of signing[1]. With signatures, the plaintext is not confidential.

> DH without authentication is useless (trivial to MITM). You need to
> authenticate the DH params you receive from the other party before
> you do anything with them.

The /server/ is authenticated during key exchange. The /client/ can also be authenticated with a plaintext password sent over the encrypted connection to the server. I don't think the client is authenticated until after key exchange, whether you use RSA or a password (or another form of authentication).

Peter.

[1] Signing a challenge, which is still quite different in nature from signing data.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
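The division of labour described in the message above, as an added example that is not from the thread or from any SSH implementation: a toy SSH-style session in Python with constructed, far-too-small parameters, in which DH produces the shared secret K and the exchange hash H, the host key signs H during key exchange, the user key signs H afterwards, and the session keys are derived from K and H only.

```python
import hashlib
import secrets

# Constructed toy parameters, orders of magnitude too small for real use
# (real SSH uses e.g. the RFC 3526 DH groups and 2048-bit or larger RSA
# keys); only the structure of the exchange is the point here.
DH_P, DH_G = 2**127 - 1, 3          # toy DH group: Mersenne prime modulus
E = 65537                           # RSA public exponent

def rsa_keypair(p, q):
    """Textbook RSA from two given primes: returns ((e, n), d)."""
    n = p * q
    return (E, n), pow(E, -1, (p - 1) * (q - 1))

CLIENT_PUB, CLIENT_PRIV = rsa_keypair(2**31 - 1, 2**61 - 1)    # user's key
SERVER_PUB, SERVER_PRIV = rsa_keypair(2**89 - 1, 2**107 - 1)   # host key

def rsa_sign(msg, priv, pub):
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % pub[1]
    return pow(h, priv, pub[1])

def rsa_verify(msg, sig, pub):
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % pub[1]
    return pow(sig, pub[0], pub[1]) == h

def exchange_hash(e_pub, f_pub, k):
    """H, the session identifier: both ends compute it from the DH values."""
    return hashlib.sha256(f"{e_pub}|{f_pub}|{k}".encode()).digest()

def run_session():
    # 1. Diffie-Hellman: the shared secret K exists only on the two endpoints.
    x = secrets.randbelow(DH_P - 3) + 2
    y = secrets.randbelow(DH_P - 3) + 2
    e_pub, f_pub = pow(DH_G, x, DH_P), pow(DH_G, y, DH_P)
    k = pow(f_pub, x, DH_P)                      # client side
    assert k == pow(e_pub, y, DH_P)              # server side agrees
    h = exchange_hash(e_pub, f_pub, k)
    # The server authenticates *during* key exchange: the host key signs H.
    host_ok = rsa_verify(h, rsa_sign(h, SERVER_PRIV, SERVER_PUB), SERVER_PUB)
    # Session keys come from K and H alone; RSA plays no part in them.
    enc_key = hashlib.sha256(k.to_bytes(16, "big") + h + b"C").digest()
    # 2. The client authenticates *after* key exchange, over the encrypted
    #    channel: it signs H, which the server already holds, so the
    #    (plaintext, signature) pair contains nothing the server lacks.
    user_sig = rsa_sign(h, CLIENT_PRIV, CLIENT_PUB)
    user_ok = rsa_verify(h, user_sig, CLIENT_PUB)
    return {"host_ok": host_ok, "user_ok": user_ok, "h": h,
            "user_sig": user_sig, "enc_key": enc_key}
```

Because the user's signature covers H, a captured (H, signature) pair verifies only against that one session's H: it is a signed challenge, not a reusable credential and not a key.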