I wrote a blog post about our findings in Apple's CommonCrypto (and corecrypto) library https://www.massi.moe/blog/primality-testing-in-apple-core-crypto … with security update now live in macOS Mojave 10.14.1 and iOS 12.1 with @kennyog @martinralbrecht @jurajsomorovsky
It says "The two communicating parties, Alice and Bob, both agree on (p, q, g), which can be hard-wired in the software code." (FWIW, the J-PAKE RFC cites the J-PAKE implementation I added to Firefox/NSS.)
I think it's probably true that many specifications for many protocols (PAKE and otherwise) don't explicitly call out the importance of authenticating security parameters like these. I know (almost?) every NIST spec does call it out explicitly and in high detail.
People give SRP a lot of shit but the SRP white paper and the SRP RFCs explicitly demand a check for this attack.
"can" being the operative word, not "MUST"...
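An added example, not part of the thread and not code from CommonCrypto, NSS, or any library mentioned above: a Python check of the kind the SRP and J-PAKE references call for, applied to group parameters (p, q, g) that a peer receives or has hard-wired. It also shows why the primality test itself matters: a Miller-Rabin check with a fixed set of small bases accepts a known strong pseudoprime (1373653 = 829 * 1657, used here as a constructed test value), while the same test with uniformly random bases rejects it. The toy Schnorr group (p = 23, q = 11, g = 2) and all function names are assumptions made for this demonstration.

```python
import secrets

# Trial-division primes; any n sharing a factor with these is settled immediately.
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def miller_rabin(n, bases):
    """Miller-Rabin test of n against the given bases.
    Returns True if n is a strong probable prime to every base, else False.
    Bases are taken mod n, so callers may pass small fixed bases or random ones."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        a %= n
        if a in (0, 1, n - 1):
            continue  # trivial base, carries no information
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # witness for compositeness found
    return True


def fixed_base_check(n):
    """The weak pattern: always the same bases, so an adversary who knows the
    bases can craft a composite that passes (assumption: bases 2 and 3)."""
    return miller_rabin(n, (2, 3))


def is_probable_prime(n, rounds=64):
    """The stronger pattern: fresh uniformly random bases in [2, n-2] per call.
    A composite passes one round with probability at most 1/4."""
    if n < 5:
        return n in (2, 3)
    bases = (2 + secrets.randbelow(n - 3) for _ in range(rounds))
    return miller_rabin(n, bases)


def validate_group(p, q, g):
    """Checks a PAKE/DH peer should run on (p, q, g) before using them:
    p and q prime, q divides p-1, g in range and of order exactly q.
    Returns (ok, reason)."""
    if not is_probable_prime(p):
        return False, "p is not prime"
    if not is_probable_prime(q):
        return False, "q is not prime"
    if (p - 1) % q != 0:
        return False, "q does not divide p-1"
    if not 1 < g < p - 1:
        return False, "g out of range"
    if pow(g, q, p) != 1:
        return False, "g is not of order q"
    return True, "ok"


if __name__ == "__main__":
    # Constructed test value: 1373653 = 829 * 1657 is a strong pseudoprime to bases 2 and 3.
    print("fixed bases accept 1373653:", fixed_base_check(1373653))
    print("random bases accept 1373653:", is_probable_prime(1373653))
    print("toy group (23, 11, 2):", validate_group(23, 11, 2))
    print("toy group (23, 11, 5):", validate_group(23, 11, 5))
```

Run it as a script to see the two primality checks disagree on the pseudoprime and the group checks accept (23, 11, 2) but reject g = 5, whose order in Z_23* is 22, not 11. In a real deployment the parameter validation would run once on the hard-wired constants at build or start-up time and again on anything negotiated over the wire.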