Hi Adam -- Anton Stiglic has a paper on various security issues that arise in DH implementations: http://crypto.cs.mcgill.ca/~stiglic/Papers/dhfull.pdf
The paper not only considers number-theoretic attacks, but also looks at other vulnerabilities (side-channel attacks, timing attacks, DoS, etc). Section seven has a nice summary of various secure DH implementation principles. Hope this helps! Regards, Zully P.S. If you come across any other pointers, please let me know. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Zulfikar Ramzan IP Dynamics, Inc. http://www.ipdynamics.com Secure, Scalable Virtual Community Networks -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Adam Shostack Sent: Wednesday, January 01, 2003 10:54 AM To: [EMAIL PROTECTED] Subject: Implementation guides for DH? I'm looking for a list of common implementation flaws in DH. Things like: How to check the key the other side sends, what are acceptable values for p, etc? Any pointers? Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
