Collaborate Disseminate
As I was listening to an interview yesterday, the journalist claimed that his Signal communications were being spied on by the NSA. Whether to believe him or not is subjective. Still, it is an objective truth that nation-states can break i… Continue reading Minimizing trust assumptions in Messaging Protocols
Let’s assume that authentication with certificates has been well performed, next step is to generate short-term private&public ECC keys for ECDH shared key computation.
Alice: Generates keyA with RNG and calculates pubkeyA, shares pub… Continue reading Why do you need random number for ECDH shared key computation
The Subject Public Key Info field can have a value like ECDSA_P256 or ECDH_P256 when ECC is used.
Why is it not sufficient to specify "ECC_P256"? In other words, why is it not enough to specify just the curve parameters (like pri… Continue reading Why does the Public Key Info field in an X509 certificate for EC indicate the algorithm
I am trying to understand some concepts such as DH problem and its variants. I have the following question from the book I read. (note that I translated the question from my language to english)
Assume that two parties are using DH to mak… Continue reading which DH protocol is safer in communication with given condition? [migrated]
I’ve been reading lately about the Double Ratchet protocol, how it works conceptually. I understand generally the idea behind the protocol, that it provides Forward Secrecy and Post-Compromise security (the healing period depending on how … Continue reading Benefits of the Double Ratchet protocol over the constant Ephemeral DH key exchange
I came across a packet capture in Wireshark where p length = 257 bytes and pubkey length = 256 bytes. See the ServerKeyExchange snip below:
Diffie-Hellman Server Params
p Length: 257
p: 00a81c7b6633732007ba19bf733fc5f6cf5d0c9f8e03e… Continue reading DHE key exchange with p value 257 bytes but a pubkey of 256 bytes
We have received a vulnerability report where these values should be increased to 2048.
Can you please help me on this?
Continue reading Does Windows 7 support DHE/0ECDHE? [closed]
When I try to connect to the site https://api-mte.itespp.org with OpenSSL (openssl s_client -connect api-mte.itespp.org:443 -brief), it complains that the DH key is too small. But when I analyze its certificate, it says the RSA key is 2048… Continue reading Why do I get the error "dh key too small" when the RSA key is 2048 bits?
I understand that in a non-authenticated Diffie-Hellman setup, a man-in-the-middle attack can occur. Now i’m curious about the feasibility of the following scenario:
Let’s assume a situation where www.example.com exclusively supports authe… Continue reading Evading authenticated diffie hellman with MITM
The Dutch National Cyber Security Centre publishes advice for TLS configuration. Their latest guidelines can be found on their website.
One of the points in their latest guidline is that ffdhe2048 parameters should be phased out and replac… Continue reading Which clients do not support 3072 bits DH parameters [closed]