The dh small subgroup confinement attack and Tor
Watson Ladd
watsonbladd at gmail.com
Sun Aug 9 12:16:26 UTC 2009
Ringo wrote:
> Hey Tor,
>
> I was watching a presentation today
> (http://www.youtube.com/watch?v=ySQl0NhW1J0) and saw that this attack
> applied to some of the cryptography Tor uses. I googled around and
> couldn't find any information about where this attack would apply in Tor
> or if it had been fixed. It could be that this attack would still apply
> but that the way Tor implements the crypto, it's risks are negated.
>
>
> Is there anybody who can clear up my confusion?
Tor uses a subgroup of the units group mod p of prime order, preventing
small subgroup confinement.
>
> Thanks,
> Ringo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20090809/dbcd83d6/attachment.pgp>
More information about the tor-talk
mailing list