Re: The Poly1305-AES message-authentication code
From: D. J. Bernstein (djb_at_cr.yp.to)
Date: 11/07/04
- Previous message: Tao Zhang: "Buffer overflow attacks, but no code injection"
- In reply to: David Wagner: "Re: The Poly1305-AES message-authentication code"
- Next in thread: David A. Scott: "Re: The Poly1305-AES message-authentication code"
- Reply: David A. Scott: "Re: The Poly1305-AES message-authentication code"
Date: Sat, 6 Nov 2004 23:19:11 +0000 (UTC)
David Wagner wrote:
> But fortunately, we are not forced to use Diffie-Hellman key exchange
> with a static shared secret.

Diffie-Hellman is, as far as we know, unbreakable, and it is much more
efficient than any of the alternatives, primarily because we _can_ save
and reuse the shared secret.

Your religion says that we have to use other protocols---protocols that
are much too slow to be used for more than a fraction of all Internet
traffic. You call this ``fortunate''; I call it incredibly bad design.

---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago