Question about the CREATE cell and circuit setup

Eugene Y. Vasserman eyv at cs.umn.edu
Fri Aug 19 05:49:08 UTC 2005


I have a very quick question. While reading the DH handshake flaw post,
I noticed that the DH handshake is done by first decrypting g^x to
Bob's PK before sending (E_{Bob}(g^x)). The tor spec document says:

    The payload for a CREATE cell is an 'onion skin', which consists of the
    first step of the DH handshake data (also known as g^x).
    The data is encrypted to Bob's PK...

Why is this? Why not send g^x in the clear? Isn't the point of DH that
you don't need encryption during the key agreement stage? Shouldn't we
be able to send g^x in the clear? The extra encryption step does not
seem to get us anything (other than heat from the CPU cycles).
Please let me know if I'm missing something - I would be happy to be
shown wrong! :)
Thanks,
Eugene

--
Eugene Y. Vasserman
http://www.cs.umn.edu/~eyv/


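As an added illustration (not part of the original post and not Tor's own code): a toy model of the first DH step quoted from the spec above, comparing what a responder without Bob's private key can do when g^x travels in the clear versus encrypted to Bob's PK. The group, the textbook RSA key, and the reply format (g^y plus a hash of the shared key) are constructed assumptions of this sketch.

```python
import hashlib
import secrets

# Constructed toy parameters: far too small for real use, chosen to run offline.
P, G = 2**127 - 1, 3                        # DH modulus (a Mersenne prime) and base
RSA_P, RSA_Q, E = 2**89 - 1, 2**107 - 1, 65537
N = RSA_P * RSA_Q                           # Bob's public key is (N, E)
D = pow(E, -1, (RSA_P - 1) * (RSA_Q - 1))   # Bob's private exponent (textbook RSA)

def key_hash(k):
    """Key-confirmation value the responder returns next to g^y (assumed format)."""
    return hashlib.sha256(k.to_bytes(16, "big")).hexdigest()

def alice_create(encrypt):
    """Alice's first message: g^x, optionally encrypted to Bob's public key."""
    x = secrets.randbelow(P - 3) + 2
    gx = pow(G, x, P)
    return x, (pow(gx, E, N) if encrypt else gx)

def respond(payload, rsa_private=None):
    """Responder: recover g^x (decrypting only if it holds Bob's key),
    pick y, and return (g^y, H(g^xy))."""
    gx = pow(payload, rsa_private, N) if rsa_private is not None else payload % P
    y = secrets.randbelow(P - 3) + 2
    return pow(G, y, P), key_hash(pow(gx, y, P))

def alice_accepts(x, reply):
    """Alice finishes DH and checks the responder's key hash."""
    gy, kh = reply
    return key_hash(pow(gy, x, P)) == kh

def impersonation_succeeds(encrypt):
    """A party on the path, without Bob's private key, answers in Bob's place."""
    x, payload = alice_create(encrypt)
    return alice_accepts(x, respond(payload))

def honest_bob_succeeds(encrypt):
    """The real Bob answers, using his private key when g^x was encrypted."""
    x, payload = alice_create(encrypt)
    return alice_accepts(x, respond(payload, D if encrypt else None))
```

In this model the key hash only proves the responder's identity when g^x was encrypted: computing g^xy from a chosen y requires g^x, and only the holder of Bob's private key can recover it.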