public inbox for govpn-devel@lists.cypherpunks.ru
* [Govpn-devel] Security issues in protocol
@ 2015-05-04  1:59 Watson Ladd
  2015-05-04  7:57 ` stargrave
  2015-05-04 12:01 ` stargrave
  0 siblings, 2 replies; 3+ messages in thread
From: Watson Ladd @ 2015-05-04  1:59 UTC (permalink / raw)
  To: govpn-devel

Dear all,

It's possible for an attacker to mount an offline-guessing attack
against A-EKE as follows. First, the attacker compiles a list of all
possible DSA keys from a given list of passwords. Secondly, for each
key, the attacker determines if decryption with that key would produce
a valid Curve25519 public key. Only half of all thirty-two byte
strings are valid keys, so on average this removes half the
possibilities each time.

After observing approximately 40 or so exchanges, the attacker has
recovered the key.

This attack can be prevented by using Elligator, or by using
alternative PAKE schemes which are proved to be secure such as SPAKE2.

Sincerely,
Watson Ladd

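As an added illustration (not code from this thread or from GoVPN), the "is this a valid Curve25519 public key" test the mail describes, an empirical measurement of how often a random 32-byte string passes it, and the Elligator 2 forward map that removes the leaked bit: any random representative decodes to a point on the curve, so the test always answers yes. Function names and the constructed random inputs are mine.

```python
# Added example; the constants are Curve25519's, everything else is illustrative.
import random

P = 2**255 - 19          # Curve25519 field prime
A = 486662               # Montgomery coefficient: y^2 = x^3 + A x^2 + x
U = 2                    # fixed non-square used by Elligator 2 on this curve


def legendre(a: int) -> int:
    """1 if a is a non-zero square mod P, P-1 if a non-square, 0 if a == 0."""
    return pow(a % P, (P - 1) // 2, P)


def is_curve25519_point(pk: bytes) -> bool:
    """The check from the mail: does this 32-byte string name a point on the
    curve (rather than on its quadratic twist)? For a uniformly random string
    this holds about half the time, which is the bit leaked per exchange."""
    x = (int.from_bytes(pk, "little") & ((1 << 255) - 1)) % P
    rhs = (x * x * x + A * x * x + x) % P
    return legendre(rhs) != P - 1


def fraction_on_curve(samples: int, seed: int = 1) -> float:
    """Hit rate of the check over constructed (seeded) random 32-byte strings."""
    rng = random.Random(seed)
    hits = sum(is_curve25519_point(rng.randbytes(32)) for _ in range(samples))
    return hits / samples


def elligator2_map(r: int) -> int:
    """Elligator 2 forward map: every field element r decodes to an x on the
    curve. Exactly one of v and -v-A has a square right-hand side, because
    f(-v-A)/f(v) = U*r^2 is a non-square, so the branch below always lands."""
    r %= P
    v = (-A * pow(1 + U * r * r, P - 2, P)) % P      # 1 + U r^2 is never 0 mod P
    e = legendre((v * v * v + A * v * v + v) % P)
    return v if e != P - 1 else (-v - A) % P


def representatives_all_decode(samples: int, seed: int = 2) -> bool:
    """Sending the representative r instead of x: a passive observer who
    applies the check above to decode(r) learns nothing, since it never fails."""
    rng = random.Random(seed)
    for _ in range(samples):
        r = int.from_bytes(rng.randbytes(32), "little") % P
        x = elligator2_map(r)
        if legendre((x * x * x + A * x * x + x) % P) == P - 1:
            return False
    return True
```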