Are you saying that it's dumb for DH because the attacker could just do static-DH anyway? Or because a simple dh_check()-like test is what you should do?
What's to stop that same someone from just using static DH parameters and stashing the secret ones? Even if they are prime!
It is visible from outside whether the DH parameters are static / reused, and exfiltrating the secret half of every handshake's DH parameter is a lot of traffic.